* Re: permissions idea (Re: [9fans] on the topic of viruses)
@ 2001-10-03 1:14 okamoto
2001-10-04 9:11 ` Douglas A. Gwyn
0 siblings, 1 reply; 7+ messages in thread
From: okamoto @ 2001-10-03 1:14 UTC (permalink / raw)
To: 9fans
>Capability-based security is
>an old idea, but there have some recent developments
>that may make it more practical.
I'm still wondering a random number created by a certain computer
program is really random??? :-)
Kenji -- yes, I'm kidding--
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: permissions idea (Re: [9fans] on the topic of viruses)
2001-10-03 1:14 permissions idea (Re: [9fans] on the topic of viruses) okamoto
@ 2001-10-04 9:11 ` Douglas A. Gwyn
0 siblings, 0 replies; 7+ messages in thread
From: Douglas A. Gwyn @ 2001-10-04 9:11 UTC (permalink / raw)
To: 9fans
okamoto@granite.cias.osakafu-u.ac.jp wrote:
> I'm still wondering a random number created by a certain computer
> program is really random??? :-)
It's easy enough, when the hardware exists (and cheap to provide when
not already available), but there's no real need for it to implement
capas; processes can't really loop to guess values for a capa, since
one wrong guess terminates them, and there is no backward inheritance
so forking the guesses doesn't help.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: permissions idea (Re: [9fans] on the topic of viruses)
@ 2001-10-02 15:37 presotto
0 siblings, 0 replies; 7+ messages in thread
From: presotto @ 2001-10-02 15:37 UTC (permalink / raw)
To: 9fans
[-- Attachment #1: Type: text/plain, Size: 203 bytes --]
Create two groups:
friends
acquaintances
then create the file
> file
chgrp -o friends file
chgrp acquaintances file
chmod 640 file
Make yourself the leader of friends and acquaintances.
[-- Attachment #2: Type: message/rfc822, Size: 2223 bytes --]
From: Matthew Hannigan <mlh@zip.com.au>
To: 9fans@cse.psu.edu
Subject: Re: permissions idea (Re: [9fans] on the topic of viruses)
Date: Tue, 02 Oct 2001 17:11:08 +0200
Message-ID: <3BB9D90C.C27A64E3@zip.com.au>
"Douglas A. Gwyn" wrote:
>
> Matthew Hannigan wrote:
> > ... perhaps we could have ...
>
> I don't think any scheme with fixed categories of trust
> can suffice for heavy-duty security. ...
Sure; I was just trying to figure out how
to get the mostest for the leastest.
I still think that my scheme of two groups
solves a large nr of cases.
How does plan9 solve the problem of someone
wanting to allow his close friends having write
access, acquaintances read access and others none?
I had a look at the man page but it seems to
have the same triple as unix. Or can the
owner be a group?
Regards,
-Matt
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: permissions idea (Re: [9fans] on the topic of viruses)
2001-10-02 8:34 ` Douglas A. Gwyn
@ 2001-10-02 15:11 ` Matthew Hannigan
0 siblings, 0 replies; 7+ messages in thread
From: Matthew Hannigan @ 2001-10-02 15:11 UTC (permalink / raw)
To: 9fans
"Douglas A. Gwyn" wrote:
>
> Matthew Hannigan wrote:
> > ... perhaps we could have ...
>
> I don't think any scheme with fixed categories of trust
> can suffice for heavy-duty security. ...
Sure; I was just trying to figure out how
to get the mostest for the leastest.
I still think that my scheme of two groups
solves a large nr of cases.
How does plan9 solve the problem of someone
wanting to allow his close friends having write
access, acquaintances read access and others none?
I had a look at the man page but it seems to
have the same triple as unix. Or can the
owner be a group?
Regards,
-Matt
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: permissions idea (Re: [9fans] on the topic of viruses)
2001-10-01 16:13 ` permissions idea (Re: [9fans] on the topic of viruses) Matthew Hannigan
2001-10-01 16:18 ` Matthew Hannigan
@ 2001-10-02 8:34 ` Douglas A. Gwyn
2001-10-02 15:11 ` Matthew Hannigan
1 sibling, 1 reply; 7+ messages in thread
From: Douglas A. Gwyn @ 2001-10-02 8:34 UTC (permalink / raw)
To: 9fans
Matthew Hannigan wrote:
> ... perhaps we could have ...
I don't think any scheme with fixed categories of trust
can suffice for heavy-duty security. Even the military
(fixed) "levels" are augmented by orthogonal (freely
created) "compartments" to attain betten control over
access. The big problem in automating a security
policy is in stopping people or programs from taking it
upon themselves to circumvent the policy. The only
viable solution I know of is for *every* mode of access
to *every* object to require the accessor to possess an
appropriate "capability". Capability-based security is
an old idea, but there have some recent developments
that may make it more practical.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: permissions idea (Re: [9fans] on the topic of viruses)
2001-10-01 16:13 ` permissions idea (Re: [9fans] on the topic of viruses) Matthew Hannigan
@ 2001-10-01 16:18 ` Matthew Hannigan
2001-10-02 8:34 ` Douglas A. Gwyn
1 sibling, 0 replies; 7+ messages in thread
From: Matthew Hannigan @ 2001-10-01 16:18 UTC (permalink / raw)
To: 9fans
Matthew Hannigan wrote:
>
> maybe we reassign the bits meaning: instead of
> rwxrwxrwx perhaps we could have rwrwrwrwx where
> the doubles are for owner, writing group,
> reading group, trustable.
should read:
.. owner, writing, reading, OTHER, trust bit.
^ permalink raw reply [flat|nested] 7+ messages in thread
* permissions idea (Re: [9fans] on the topic of viruses)
2001-09-28 9:58 ` Boyd Roberts
@ 2001-10-01 16:13 ` Matthew Hannigan
2001-10-01 16:18 ` Matthew Hannigan
2001-10-02 8:34 ` Douglas A. Gwyn
0 siblings, 2 replies; 7+ messages in thread
From: Matthew Hannigan @ 2001-10-01 16:13 UTC (permalink / raw)
To: 9fans
Fantastic read. One of the most interesting bits
for me was reading x permissions described as not
really permissions at all, which is what I've always
thought. Nice to see it repeated by a more learned
person.
My answer to this would have been to remove them
entirely, not elevate them to a certificate of trust
though?
(thinks bubble)
maybe we reassign the bits meaning: instead of
rwxrwxrwx perhaps we could have rwrwrwrwx where
the doubles are for owner, writing group,
reading group, trustable.
4 groups covers 99+44/99 possibilities. no need
for icky acls ...
Now all I have to do is solve on disk compatibility...
-Matt
PS. sorry if all this is solved by plan9 .. I confess
I haven't installed it yet!
Boyd Roberts wrote:
>
> > http://www.cs.bell-labs.com/who/dmr/tdvirus.pdf
>
> i love the scan. i know that i'd read it, i just can't think how.
>
> paul vixie changed gatekeeper's kernel in '92/93 so that only root
> could set the public execute bit as a form of certification, which
> duff speaks of. of course, this was just glue but nevertheless a
> clever, easy to implement and efficient hack.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2001-10-04 9:11 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-10-03 1:14 permissions idea (Re: [9fans] on the topic of viruses) okamoto
2001-10-04 9:11 ` Douglas A. Gwyn
-- strict thread matches above, loose matches on Subject: below --
2001-10-02 15:37 presotto
2001-09-28 1:06 [9fans] on the topic of viruses dmr
2001-09-28 9:58 ` Boyd Roberts
2001-10-01 16:13 ` permissions idea (Re: [9fans] on the topic of viruses) Matthew Hannigan
2001-10-01 16:18 ` Matthew Hannigan
2001-10-02 8:34 ` Douglas A. Gwyn
2001-10-02 15:11 ` Matthew Hannigan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).