implementing access control lists in 4.2bsd

Steven M. Kramer smk at axiom.UUCP
Wed Jun 26 07:36:21 AEST 1985


> Bill Stewart, AT&T Bell Labs, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs

> Protection Mechanism Under UNIX".  He wanted the same kind of flexibility you
> wanted, written in a portable way without kernel hacking.  So he invented
> Capa's.  A capa is a program you can give somebody which gives them permission

The problem with capa's is that although there is no kernel hacking
necessary, there is not complete security when using them, and more
importantly, many UNIX programs do not have the command line
interface that is required with them.  The philosophy of capa's, for those
who do not know, is to have a setuid program deal with opening files and
the capa (capability) is really a file descriptor passed to a normal
program from the setuid program (since UNIX allows them to be passed via
an exec).  I have done similar things with setuid programs in Linus III/IV
by having a setuid program become a resource manager.

I guess the point in both applications is that, when properly
administered, setuid programs can become extremely useful in creating
"domains" for handling least privilege concepts.  (They also can easily
defeat such purposes as we know.)
-- 
	--steve kramer
	{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!axiom!smk	(UUCP)
	linus!axiom!smk at mitre-bedford					(MIL)
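
The pattern described in the post, a setuid program that opens the file and hands only the open descriptor across an exec, as an added example that is not part of the original post or of the capa work it discusses. The name run_with_capability and the choice of stdin as the hand-off descriptor are assumptions made for illustration; using stdin lets an ordinary filter consume the file without any special command-line interface.

```c
/* Added example: a capa-style broker (run_with_capability is a hypothetical
 * name). Installed setuid, it opens the file, drops privilege, then execs. */
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Opens `path` read-only with the broker's effective ids, then runs argv[0]
 * under the caller's real ids with the file as stdin (fd 0).
 * Returns the child's exit status, or -1 on a broker-side failure. */
int run_with_capability(const char *path, char *const argv[])
{
    int fd = open(path, O_RDONLY);          /* the only privileged step */
    if (fd < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        /* Drop group first, then user; a failed drop must never reach exec. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        if (dup2(fd, STDIN_FILENO) < 0)
            _exit(126);
        if (fd != STDIN_FILENO)
            close(fd);
        execvp(argv[0], argv);              /* open descriptor survives exec */
        _exit(127);
    }
    close(fd);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char *argv[])
{
    if (argc < 3)
        return 2;                           /* usage: broker FILE PROG [ARGS] */
    return run_with_capability(argv[1], &argv[2]);
}
```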


