Re: Subject: Re: ext3 to include capabilities?

Mark H. Wood (mwood@iupui.edu)
Wed, 7 Apr 1999 15:26:11 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Peter Schlaile: "[PATCH] V4L 2.2.5 find_vga()"
Previous message: G. Allen Morris III: "Re: Scary NFS messages...."

On Wed, 7 Apr 1999, Jonathan Corbet wrote:
> In all this discussion, I'm surprised that this old idea hasn't gone by:

I am always maundering about some aspect of VMS, so I've tried to hold my
tongue this time.

> Back in my VMS days (some time ago, anymore) we would deal with things
> called "known images." Essentially, VMS maintained a central database of
> executibles which would be run with enhanced privileges. It was your
> typical opaque VMS thing behind fifteen layers of RMS stuff, but it worked,
^^^
Nope. The Known Files List is an in-core data structure only. You want
an image to be known, you execute INSTALL on it every time you boot.

> and it had one distinct advantage: the system knew, at any time, what and
> where *every* privileged executible was. No need for security scanners and
> such, just ask.

No spoofing, either. The kernel holds an open file handle on each known
file all the time it is "known". The file *cannot* be replaced unless you
deINSTALL it. And the file's KFL entry is the only thing consulted when
checking for amplified privileges, so privs evaporate when you deINSTALL.

> To top it off, databases like this in VMS could be set up with all kinds of
> ACL traps to raise hell every time somebody changes them.

This is that heavy-duty audit stuff discussed in another recent thread.
You need a certain privilege to make KFEs, and the system can be set to
audit every use of that privilege.

> The downside, of course, is that a lookup has to be performed for ever
> exec() the system does.

I presume that the KFL is hashed or something. The lookup is so fast I
couldn't say how long it takes. The KFL only has about a hundred entries,
on systems I've examined. Besides, INSTALLed images start *faster*
because the file header (including a chunk of retrieval pointers) stays in
core forever -- the usage count never drops to zero, y'know. Some people
INSTALL a few images with no privs, just to get 'em to start faster.

-- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu Specializing in unusual perspectives for more than twenty years.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Schlaile: "[PATCH] V4L 2.2.5 find_vga()"
Previous message: G. Allen Morris III: "Re: Scary NFS messages...."