9fans - fans of the OS Plan 9 from Bell Labs
From: "Douglas A. Gwyn" <DAGwyn@null.net>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] So What is P9 good for.....
Date: Mon, 17 Feb 2003 09:53:23 +0000
Message-ID: <3E4DD1E5.6090101@null.net>
In-Reply-To: <Pine.LNX.4.44.0302140811010.1630-100000@carotid.ccs.lanl.gov>

Ronald G. Minnich wrote:
> On Fri, 14 Feb 2003, Douglas A. Gwyn wrote:
>>The use of set-UID-0 *applications* on Unix was extremely
>>short-sighted.
> Hey, it was worth a patent. ...

Perhaps you missed the point I was making.  The
capability of executing a process with enhanced
privilege was fine, but should have been used
only to implement an access control layer or
service, not to elevate every operation in a
high-level application to superuser privilege.
At BRL we spent many man-months fixing security
holes in Research Unix but even more for BSD,
where evidently the quickest implementation was
usually the one chosen, without much regard for
security ramifications.  That would have been
adequate for a single trusted error-free user,
but not in a networked timesharing environment.
CERT still receives security problem reports for
bind, sendmail, etc., and many of them can be
directly attributed to a set-UID process having
at some point during execution more privilege
than it needs to perform its intended function.

It's experiences like that that make me a big
fan of capability-based systems architecture.

