
RE: Identifiers



Secure UNIX Programming FAQ
  http://www.whitefang.com/sup/

 --Louis
--
Louis Bertrand <louis@odel.on.ca>
O'Dell Engineering Ltd.  Tel: 519-740-8620  Fax: 519-740-9483

OpenBSD: Secure by default  <http://www.openbsd.org/>


On Mon, 12 Jul 1999, Tony Gurnick wrote:

> Could someone point me to a FAQ that explains the current set of Linux/unix
> security mechanisms/issues in detail?
> 
> 
> 	What I am looking for is how they work, not just holes that have
> come up as a result of how they work
> 
> 
> > -----Original Message-----
> > From:	Hugo Van den Berg [SMTP:H.VandenBerg@nrcc.nl]
> > Sent:	Saturday, July 10, 1999 1:06 AM
> > To:	securedistros@humbolt.nl.linux.org
> > Subject:	Identifiers
> > 
> > Maybe something to think about if it's useful. VMS used to have the
> > concept of identifiers. Identifiers could be associated with rights on the
> > system, both rights to files and kernel rights. Identifiers could be given
> > to users at login and to installed images. I don't think we should bring
> > installed images back, because Linux has better mechanisms for sharing
> > code, but we could attach them to executables, kind of like SGID, but with
> > the ability to attach more than one, and you would not just set the
> > identifier but also the associated rights.
> > 
> > The big advantage IMHO is the ease of administration. If for example ping
> > and traceroute need the same rights you only need to create a single
> > identifier and attach that to both executables. If something changes in
> > the required rights you only need one change.
> > 
> > This would also allow controlled access to files and directories, i.e.
> > only certain programs can gain access to certain locations.
> > 
> > The use of identifiers or something similar would require some kernel
> > changes, the ACL code in ext2fs for one thing, but I think it can be done
> > without losing compatibility. Maybe a modification to group handling would
> > even suffice.
> > 
> > Ciao,
> > 
> > Hugo.
> > 
> > ----------------------------------------------------------------
> > Hugo Van den Berg - h.vandenberg@nrcc.nl
> > Network Resource Consultants and Company BV
> > Plesmanstraat 62   3905 KZ  Veenendaal
> > Postbus 67         3900 AB  Veenendaal
> > Tel: +31 318 555 059 Fax: +31 318 517276
> > Visit us at http://www.nrcc.nl
> > ----------------------------------------------------------------
> > 
> > -
> > Securedistros: A common list for all secured Linux distributions
> > Archive:       http://humbolt.nl.linux.org/lists/
