[791] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Wed Jun 12 18:59:45 1996

To: root@kbs.net
Date: Wed, 12 Jun 1996 09:37:16 +0200 (METDST)
Cc: R.E.Wolff@et.tudelft.nl, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.93.960611233311.26953A-100000@kbs.net> from "Sanjay Kapur" at Jun 11, 96 11:44:28 pm
From: R.E.Wolff@et.tudelft.nl (Rogier Wolff)
X-Return-Receipt-To: wolff@erasmus.et.tudelft.nl

> 
> On Tue, 11 Jun 1996, Rogier Wolff wrote:
> 
> > 
> > To do this, every uid should get
> > a bitvector of privileges. Every "suser()" call in the
> > kernel should get mapped to one of the bits. The default
> > setup sets all of these bits to "enabled" for "root" and
> > "disabled" for all other users. 
> 
> VMS, Secure VMS etc. have this and it is very well documented.  Another
> thing that higher level security requires is Access Control Lists (ACLs)
> rather than the very simplistic user/group/world security model of Unix.

Agreed. Is Remy Card on this list? We should try to push him to
implement ACLs finally... (Or was I at the north pole while it was
implemented :-)

[Mod: Remy's not on this list (that I know of, though he might be on it
via a secondary exploder), but he is working in this direction.  See
linux.nrao.edu:/pub/linux/packages/ext2fs/slides/berlin96/acl-*
(mirrored from tsx-11) for a brief outline of his current ACL work.
--Jeff.]

> Security is not a question of technology or using a string "root" to log
> on but a frame of mind and a set of procedures.  Large systems security
> policies, although nice, just do not apply to single user systems.  If it
> did, Bill Gates would not be worth $17 billion selling over 60
> million copies of Windows and MSDOS every year.

Aha! Yes, agreed. As Domain/OS users will know, ACLs are a superset of
the old-fashioned user/group/others permission bits. I am suggesting
to implement the kernel level support for good security, not that I
want to push it onto every single Linux user. There are lots of
features that normal home-users won't use (firewalling for instance).


					Roger.

-- 
 ** Q: What's the difference between MicroSoft Windows and a virus?       **
 ** A: Apart from the fact that viruses install easier, none.             **
 ** EMail: R.E.Wolff@et.tudelft.nl * Tel +31-15-2783643 or +31-15-2137459 **
 *** <a href="http://einstein.et.tudelft.nl/~wolff/">my own homepage</a> ***
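
Added example, not part of the original message and not kernel code: a C sketch of the per-uid privilege bitvector described in the quoted proposal, with each former suser() call site mapped to one bit. The privilege names, the override table, the sample uid 25 and suser_priv() are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical privilege bits: one per class of former suser() call site. */
enum priv {
    PRIV_MOUNT    = 1u << 0,  /* mount and unmount filesystems */
    PRIV_NET_BIND = 1u << 1,  /* bind to ports below 1024 */
    PRIV_SETTIME  = 1u << 2,  /* set the system clock */
    PRIV_CHOWN    = 1u << 3,  /* change file ownership */
    PRIV_ALL      = 0xFu
};

struct uid_privs { unsigned uid; uint32_t bits; };

/* Constructed sample: uids whose bitvector differs from the default. */
static const struct uid_privs priv_table[] = {
    { 25, PRIV_NET_BIND },    /* assumed daemon uid: low ports only */
};
static const size_t priv_table_len = sizeof priv_table / sizeof priv_table[0];

/* Default setup from the post: all bits for root, none for other users. */
static uint32_t privs_of(unsigned uid)
{
    for (size_t i = 0; i < priv_table_len; i++)
        if (priv_table[i].uid == uid)
            return priv_table[i].bits;
    return uid == 0 ? (uint32_t)PRIV_ALL : 0;
}

/* Stands in for a bare suser() check: true only if the bit is enabled. */
int suser_priv(unsigned uid, enum priv need)
{
    return (privs_of(uid) & (uint32_t)need) == (uint32_t)need;
}

/* A call site that used to read "if (!suser()) return -EPERM;". */
int may_bind_port(unsigned uid, unsigned port)
{
    return port >= 1024 || suser_priv(uid, PRIV_NET_BIND);
}

int main(void)
{
    printf("uid 25 bind port 25: %d\n", may_bind_port(25, 25));
    printf("uid 25 mount:        %d\n", suser_priv(25, PRIV_MOUNT));
    printf("uid 0 mount:         %d\n", suser_priv(0, PRIV_MOUNT));
    return 0;
}
```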
