Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site axiom.UUCP
Path: utzoo!watmath!clyde!bonnie!akgua!whuxlm!harpo!decvax!linus!axiom!smk
From: smk@axiom.UUCP (Steven M. Kramer)
Newsgroups: net.unix-wizards
Subject: Re: implementing access control lists in 4.2bsd
Message-ID: <56@axiom.UUCP>
Date: Tue, 25-Jun-85 17:36:21 EDT
Article-I.D.: axiom.56
Posted: Tue Jun 25 17:36:21 1985
Date-Received: Thu, 27-Jun-85 07:42:32 EDT
References: <425@linus.UUCP> <121@ho95e.UUCP>
Distribution: net
Organization: Axiom Technology, Newton MA
Lines: 24

> Bill Stewart, AT&T Bell Labs, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs
> Protection Mechanism Under UNIX". He wanted the same kind of flexibility you
> wanted, written in a portable way without kernel hacking. So he invented
> Capa's. A capa is a program you can give somebody which gives them permission

The problem with capa's is that although there is no kernel hacking
necessary, there is not complete security when using them, and more
importantly, many UNIX programs do not have the command line interface that
is required with them. The philosophy of capa's, for those who do not know,
is to have a setuid program deal with opening files, and the capa
(capability) is really a file descriptor passed to a normal program from the
setuid program (since UNIX allows them to be passed via an exec).

I have done similar things with setuid programs in Linus III/IV by having a
setuid program become a resource manager. I guess the point in both
applications is that, when properly administered, setuid programs can become
extremely useful in creating "domains" for handling least privilege
concepts. (They also can easily defeat such purposes, as we know.)

-- 
--steve kramer
	{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!axiom!smk	(UUCP)
	linus!axiom!smk@mitre-bedford	(MIL)
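The mechanism the post describes, a setuid broker that opens a file and hands the open descriptor to an ordinary program across exec, can be shown end to end in a few dozen lines. The following is an added example written for this page, not code from the post or from the "capa" system it mentions: the access list, the user names alice and bob, the CAPA_FD descriptor number and the temporary file under /tmp are all constructed, and the broker is not actually installed setuid, so it only demonstrates the descriptor-passing half of the design. What it shows is that the receiving command never learns the path and needs no permission on the file; the descriptor is the capability, and whether it survives the exec is decided solely by the close-on-exec flag.

```c
/* Added example, not from the post: a minimal "capa"-style resource manager.
 * A broker (in real use a setuid program) consults its own access list,
 * opens the file, and execs the requested command with the open descriptor
 * installed at a fixed number (CAPA_FD).  The command never learns the path
 * and needs no permission on it; the descriptor is the capability.  Whether
 * the capability survives the exec is decided purely by the close-on-exec
 * flag, which is what the demo toggles.  User names, the access list and
 * the sample file are constructed; the broker is not setuid here. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define CAPA_FD 3   /* descriptor number the receiving program is told to use */

/* Constructed access list: one entry whose path is filled in by capa_demo(). */
struct acl_entry { const char *user; char path[64]; };
static struct acl_entry acl[] = { { "alice", "" } };

static const char *acl_lookup(const char *user) {
    for (size_t i = 0; i < sizeof acl / sizeof acl[0]; i++)
        if (strcmp(acl[i].user, user) == 0 && acl[i].path[0] != '\0')
            return acl[i].path;
    return NULL;
}

/* Broker step 1: open the resource on the user's behalf, or -1 if denied.
 * Deliberately no O_CLOEXEC: the descriptor must outlive the exec. */
int capa_open(const char *user) {
    const char *path = acl_lookup(user);
    return path ? open(path, O_RDONLY) : -1;
}

/* Broker step 2: fork, move the capability to CAPA_FD, exec `cmd` via sh.
 * If `revoke` is nonzero the close-on-exec flag is set first, so the child
 * starts without the descriptor.  Returns the child's exit status, -1 on error. */
int capa_exec(int fd, const char *cmd, int revoke) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (fd != CAPA_FD) {
            if (dup2(fd, CAPA_FD) < 0) _exit(127);
            close(fd);
        }
        /* dup2 clears FD_CLOEXEC; set it explicitly either way so the
         * outcome depends only on `revoke`. */
        if (fcntl(CAPA_FD, F_SETFD, revoke ? FD_CLOEXEC : 0) < 0) _exit(127);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);   /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* End-to-end check.  Creates a throwaway file containing "secret", makes it
 * alice's resource, and asks an ordinary shell command to read it through
 * CAPA_FD only.  Returns 0 when the command read the expected content,
 * nonzero when it could not (capability revoked), -1 when the ACL denies. */
int capa_demo(const char *user, int revoke) {
    snprintf(acl[0].path, sizeof acl[0].path, "/tmp/capa-demo-XXXXXX");
    int w = mkstemp(acl[0].path);
    if (w < 0) return -1;
    if (write(w, "secret\n", 7) != 7) { close(w); unlink(acl[0].path); return -1; }
    close(w);

    int rc = -1;
    int fd = capa_open(user);
    if (fd >= 0) {
        char cmd[128];
        /* The command refers only to the descriptor number, never to a path. */
        snprintf(cmd, sizeof cmd, "test \"$(cat <&%d)\" = secret", CAPA_FD);
        rc = capa_exec(fd, cmd, revoke);
        close(fd);
    }
    unlink(acl[0].path);
    acl[0].path[0] = '\0';
    return rc;
}

int main(void) {
    printf("alice, capability honoured: %d\n", capa_demo("alice", 0));
    printf("alice, capability revoked:  %d\n", capa_demo("alice", 1));
    printf("bob, not on the list:       %d\n", capa_demo("bob", 0));
    return 0;
}
```

The revoked case is the one worth noticing: the only difference is FD_CLOEXEC on the descriptor before exec, and the receiving command then fails to read anything. That is the property that makes the descriptor a usable capability, and also the reason the receiving program must be written to accept a descriptor number rather than a filename, which is the interface mismatch the post complains about.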