Re: Allowing users to set set[ug]id bits

Andrew G. Morgan (morgan@parc.power.net)
Thu, 19 Dec 1996 11:53:08 -0800 (PST)


Theodore Y. Ts'o wrote:
> From: marekm@i17linuxb.ists.pwr.wroc.pl (Marek Michalkiewicz)
> Date: Wed, 18 Dec 1996 19:10:51 +0100 (MET)
>
> BTW, the idea is not mine - SCO UNIX supports something like this, so
> I thought it would be good to have that in Linux too (SCO sucks when
> it comes to performance, but they have some nice security features;
> I think we can have both performance and security). Quoting from the
> SCO man page:
>
> setpriv(S)
>
> This is part of the POSIX.6 security specification, which is something
> *additional* that you can layer on top of Linux. Note that it doesn't
> completely destroy the ability to make setuid programs, but it
> allows the system administrator to restrict (and many other things) on a
> very fine-grained basis.

It might also be considered as a pre-requisite for ever getting Linux to C2
[See the *first* paragraph of the C2 discussion (paragraph 2.2.1.1) in the
Orange book: ftp://csrc.nist.gov/pub/csrc/secpubs/rainbow/index.html ].

Best wishes

Andrew

PS. Personally, I like LD's remarks about an API+modular kernel approach to
decisions of this sort. I could imagine a future in which you slot in your
preferred module for D (for those that want security like that found in DOS)
through C1-2, B1-2-3 or whatever you like....

-- 
        Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html
          libpwdb: http://parc.power.net/morgan/libpwdb/index.html