[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Identifiers

To: "'securedistros@humbolt.nl.linux.org'" <securedistros@humbolt.nl.linux.org>
Subject: RE: Identifiers
From: Tony Gurnick <TonyG@clemenger.co.nz>
Date: Mon, 12 Jul 1999 08:58:05 +1200
Reply-To: securedistros@humbolt.nl.linux.org
Sender: owner-securedistros@humbolt.nl.linux.org

could someone point me to a FAQ that explains the current set of Linux/unix
security mechanisms/issues in detail?


	What I am looking for is how they work, not just holes that have
come up as a result of how they work


> -----Original Message-----
> From:	Hugo Van den Berg [SMTP:H.VandenBerg@nrcc.nl]
> Sent:	Saturday, July 10, 1999 1:06 AM
> To:	securedistros@humbolt.nl.linux.org
> Subject:	Identifiers
> 
> Maybe something to think about if it's useful. VMS used to have the
> concept of identifiers. Identifiers could be associated with rights on the
> system, both rights to files and kernel rights. Identifiers could be given
> to users at login and to installed images. I don't think we should bring
> installed images back, because Linux has better mechanisms for sharing
> code, but we could attach them to executables, kind of like SGID, but with
> the ability to attach more than one, and you would not just set the
> identifier but also the associated rights.
> 
> The big advantage IMHO is the ease of administration. If for example ping
> and traceroute need the same rights you only need to create a single
> identifier and attach that to both executables. If something changes in
> the required rights you only need one change.
> 
> This would also allow controlled access to files and directories, i.e.
> only certain programs can gain access to certain locations.
> 
> The use of identifiers or something similar would require some kernel
> changes, the ACL code in ext2fs for one thing, but I think it can be done
> without losing compatibility. Maybe a modifiction to group handling would
> even suffice.
> 
> Ciao,
> 
> Hugo.
> 
> ----------------------------------------------------------------
> Hugo Van den Berg - h.vandenberg@nrcc.nl
> Network Resource Consultants and Company BV
> Plesmanstraat 62   3905 KZ  Veenendaal
> Postbus 67         3900 AB  Veenendaal
> Tel: +31 318 555 059 Fax: +31 318 517276
> Visit us at http://www.nrcc.nl
> ----------------------------------------------------------------
> 
> -
> Securedistros: A common list for all secured Linux distributions
> Archive:       http://humbolt.nl.linux.org/lists/
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

Follow-Ups:
- RE: Identifiers
  - From: Louis Bertrand <louis@odel.on.ca>

Prev by Date: Re: Identifiers
Next by Date: RE: Identifiers
Prev by thread: Re: Identifiers
Next by thread: RE: Identifiers
Index(es):
- Date
- Thread