Re: permissions idea (Re: [9fans] on the topic of viruses)

Re: permissions idea (Re: [9fans] on the topic of viruses)

[presotto]

[-- Attachment #1: Type: text/plain, Size: 203 bytes --]

Create two groups:

friends
acquaintances

then create the file

> file
chgrp -o friends file
chgrp acquaintances file
chmod 640 file

Make yourself the leader of friends and acquaintances.

[-- Attachment #2: Type: message/rfc822, Size: 2223 bytes --]

From: Matthew Hannigan <mlh@zip.com.au>
To: 9fans@cse.psu.edu
Subject: Re: permissions idea (Re: [9fans] on the topic of viruses)
Date: Tue, 02 Oct 2001 17:11:08 +0200
Message-ID: <3BB9D90C.C27A64E3@zip.com.au>



"Douglas A. Gwyn" wrote:
> 
> Matthew Hannigan wrote:
> > ... perhaps we could have ...
> 
> I don't think any scheme with fixed categories of trust
> can suffice for heavy-duty security. ...	

Sure; I was just trying to figure out how
to get the mostest for the leastest.

I still think that my scheme of two groups
solves a large nr of cases.

How does plan9 solve the problem of someone
wanting to allow his close friends having write
access, acquaintances read access and others none?

I had a look at the man page but it seems to
have the same triple as unix.  Or can the
owner be a group?

Regards,
 -Matt

Re: permissions idea (Re: [9fans] on the topic of viruses)

[okamoto]

>Capability-based security is
>an old idea, but there have some recent developments
>that may make it more practical.

I'm still wondering a random number created by a certain computer
program is really random???  :-)

Kenji   -- yes, I'm kidding--

Re: permissions idea (Re: [9fans] on the topic of viruses)

[Douglas A. Gwyn]

okamoto@granite.cias.osakafu-u.ac.jp wrote:
> I'm still wondering a random number created by a certain computer
> program is really random???  :-)

It's easy enough, when the hardware exists (and cheap to provide when
not already available), but there's no real need for it to implement
capas; processes can't really loop to guess values for a capa, since
one wrong guess terminates them, and there is no backward inheritance
so forking the guesses doesn't help.

Re: [9fans] on the topic of viruses

[dmr]

Thanks for the typo-correction for the URL:

http://www.cs.bell-labs.com/who/dmr/tdvirus.pdf

is indeed the correct current place.  I heard from Duff
that he's content to have it visible.

The topic is somewhat off-topic for Plan 9, but not
by too much, because similar schemes remain plausible
in Plan 9 systems.  Among the small changes to recent
filesystems/protocols is the transmission and maintenance
of a last-modifier UID for files--one of the minor but
useful diagnostic tools that help.

Gwyn's correct, by the way, that AT&T Federal Systems
did do System V/MLS certified to B1 or B2 or so.
This was independent of the McIlroy and Reeds work,
though I'm certain there was consultation.

	Dennis

Re: [9fans] on the topic of viruses

[Boyd Roberts]

> http://www.cs.bell-labs.com/who/dmr/tdvirus.pdf

i love the scan.  i know that i'd read it, i just can't think how.

paul vixie changed gatekeeper's kernel in '92/93 so that only root
could set the public execute bit as a form of certification, which
duff speaks of.  of course, this was just glue but nevertheless a
clever, easy to implement and efficient hack.

permissions idea (Re: [9fans] on the topic of viruses)

[Matthew Hannigan]

Fantastic read.  One of the most interesting bits
for me was reading x permissions described as not
really permissions at all, which is what I've always
thought.  Nice to see it repeated by a more learned
person.

My answer to this would have been to remove them
entirely, not elevate them to a certificate of trust
though?

(thinks bubble)
maybe we reassign the bits meaning: instead of
rwxrwxrwx perhaps we could have rwrwrwrwx where
the doubles are for owner, writing group,
reading group, trustable.

4 groups covers 99+44/99 possibilities.  no need
for icky acls ...

Now all I have to do is solve on disk compatibility...

-Matt
PS. sorry if all this is solved by plan9 .. I confess
I haven't installed it yet!


Boyd Roberts wrote:
> 
> > http://www.cs.bell-labs.com/who/dmr/tdvirus.pdf
> 
> i love the scan.  i know that i'd read it, i just can't think how.
> 
> paul vixie changed gatekeeper's kernel in '92/93 so that only root
> could set the public execute bit as a form of certification, which
> duff speaks of.  of course, this was just glue but nevertheless a
> clever, easy to implement and efficient hack.

Re: permissions idea (Re: [9fans] on the topic of viruses)

[Matthew Hannigan]

Matthew Hannigan wrote:
>
> maybe we reassign the bits meaning: instead of
> rwxrwxrwx perhaps we could have rwrwrwrwx where
> the doubles are for owner, writing group,
> reading group, trustable.

should read:
	.. owner, writing, reading, OTHER, trust bit.

Re: permissions idea (Re: [9fans] on the topic of viruses)

[Douglas A. Gwyn]

Matthew Hannigan wrote:
> ... perhaps we could have ...

I don't think any scheme with fixed categories of trust
can suffice for heavy-duty security.  Even the military
(fixed) "levels" are augmented by orthogonal (freely
created) "compartments" to attain betten control over
access.  The big problem in automating a security
policy is in stopping people or programs from taking it
upon themselves to circumvent the policy.  The only
viable solution I know of is for *every* mode of access
to *every* object to require the accessor to possess an
appropriate "capability".  Capability-based security is
an old idea, but there have some recent developments
that may make it more practical.

Re: permissions idea (Re: [9fans] on the topic of viruses)

[Matthew Hannigan]

"Douglas A. Gwyn" wrote:
> 
> Matthew Hannigan wrote:
> > ... perhaps we could have ...
> 
> I don't think any scheme with fixed categories of trust
> can suffice for heavy-duty security. ...	

Sure; I was just trying to figure out how
to get the mostest for the leastest.

I still think that my scheme of two groups
solves a large nr of cases.

How does plan9 solve the problem of someone
wanting to allow his close friends having write
access, acquaintances read access and others none?

I had a look at the man page but it seems to
have the same triple as unix.  Or can the
owner be a group?

Regards,
 -Matt