I am always maundering about some aspect of VMS, so I've tried to hold my
tongue this time.
> Back in my VMS days (some time ago, anymore) we would deal with things
> called "known images." Essentially, VMS maintained a central database of
> executibles which would be run with enhanced privileges. It was your
> typical opaque VMS thing behind fifteen layers of RMS stuff, but it worked,
^^^
Nope. The Known Files List is an in-core data structure only. You want
an image to be known, you execute INSTALL on it every time you boot.
> and it had one distinct advantage: the system knew, at any time, what and
> where *every* privileged executible was. No need for security scanners and
> such, just ask.
No spoofing, either. The kernel holds an open file handle on each known
file all the time it is "known". The file *cannot* be replaced unless you
deINSTALL it. And the file's KFL entry is the only thing consulted when
checking for amplified privileges, so privs evaporate when you deINSTALL.
> To top it off, databases like this in VMS could be set up with all kinds of
> ACL traps to raise hell every time somebody changes them.
This is that heavy-duty audit stuff discussed in another recent thread.
You need a certain privilege to make KFEs, and the system can be set to
audit every use of that privilege.
> The downside, of course, is that a lookup has to be performed for ever
> exec() the system does.
I presume that the KFL is hashed or something. The lookup is so fast I
couldn't say how long it takes. The KFL only has about a hundred entries,
on systems I've examined. Besides, INSTALLed images start *faster*
because the file header (including a chunk of retrieval pointers) stays in
core forever -- the usage count never drops to zero, y'know. Some people
INSTALL a few images with no privs, just to get 'em to start faster.
-- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu Specializing in unusual perspectives for more than twenty years.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/