implementing access control lists in 4.2bsd

x0705 wcs at ho95e.UUCP
Fri Jun 21 09:09:08 AEST 1985


> so, I implemented access control lists in UNIX.  [.....]
>
>...  the changes to the kernel were very minor:  two new system calls were
> 
> /jeff
> 
>   security!jjg at mitre-bedford.ARPA				(MIL)
>  {allegra,ihnp4,utzoo,philabs,uw-beaver}!linus!security!jjg	(UUCP)

At the Dallas USENIX, Dan Klein of Avatar gave a paper on "A Capability Based
Protection Mechanism Under UNIX".  He wanted the same kind of flexibility you
wanted, written in a portable way without kernel hacking.  So he invented
Capa's.  A capa is a program you can give somebody which gives them permission
to do <something> and/or <anything> to one or more files that belong to you.
Capa's appear to be secure and flexible, and they're portable (V6, V7, 4.2BSD,
System III, System V!)  The code for them is described in the paper.
(There's a typo on the last-4th line; change "*execv = 0" into "*ev = 0".)
Dan's mailing address is listed as 
	{mcnc,decvax,floyd}!dls!mi-cec!dvk
	Dan.Klein at CMU-CS-A.ARPA
but you should really get the proceedings from the conference so you can read
the other papers also.
-- 
Bill Stewart, AT&T Bell Labs, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs


