Re: HW access allowed ?

Richard B. Johnson (root@chaos.analogic.com)
Wed, 8 Apr 1998 16:50:28 -0400 (EDT)


On Wed, 8 Apr 1998, David Schwartz wrote:

> >It just doesn't give every program that happens to run under a specific
> >uid (say, root) the authority to shoot wherever it wants (including your
> >foot) but instead lets you specify where (and how much) each program is
> >allowed to shoot.
[SNIPPED]

> I don't know of any operating system that bases permissions on each
> program. So far as I know, every operating system bases the permissions on
> those associated with the user that "happens to" run the program. There is
> no operating system I know of where it is safe for a privileged user to run
> buggy or malicious userland programs.

VAX/VMS has the capability of running privileged programs. They are
ordinary programs, but can't be linked to the debugger. They are
"installed" upon startup with the privileges that they need to run.
This is so an ordinary user doesn't need to have such privileges.

The VAX/VMS equivalent of 'root' is "SYSTEM". The SYSTEM account,
by default, has most of the privilege bits set and can set any
because it has "SETPRV" privilege. SYSTEM can destroy (or fix)
anything.

Now Linux is Unix. There is now an ongoing program to provide
Unixes (including Linux) with a privilege bit-map such as VAX/VMS.
This will allow more controlled access to shared resources than the
current "superuser can do anything" mode. However, there must be
a privilege to set the privilege bits; you give this to a user or
a privileged program and you are back to the "superuser can do anything"
mode.

$ SET PROC/PRIV=ALL
$ @SYS$SYSTEM:SHUTDOWN

Cheers,
Dick Johnson
***** FILE SYSTEM MODIFIED *****
Penguin : Linux version 2.1.92 on an i586 machine (66.15 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
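
The point made in the message above about a privilege that sets privilege bits, as an added example that is not part of the original post and is not VMS or Linux code. The bit positions, the authorized/current split, and the names struct proc, set_priv, reachable and superuser_equivalent are assumptions made for the illustration; only SETPRV is named in the message.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed bit positions for illustration; not the real VMS or Linux layout. */
enum {
    PRV_NETMBX = 1 << 0,
    PRV_TMPMBX = 1 << 1,
    PRV_PHY_IO = 1 << 2,
    PRV_SYSPRV = 1 << 3,
    PRV_SETPRV = 1 << 4,          /* the privilege to set privilege bits */
    PRV_ALL    = (1 << 5) - 1
};

/* Assumed model: the mask a process may enable, and the mask enabled now. */
struct proc { uint32_t authorized; uint32_t current; };

/* Enable the requested bits. Allowed when every bit is authorized, or when
 * the caller already holds SETPRV. Returns 1 on success, 0 on refusal. */
int set_priv(struct proc *p, uint32_t want)
{
    if (want & ~(uint32_t)PRV_ALL) return 0;            /* unknown bits */
    if (!(p->current & PRV_SETPRV) && (want & ~p->authorized)) return 0;
    p->current |= want;
    return 1;
}

/* Upper bound on the privileges this process can ever end up holding. */
uint32_t reachable(const struct proc *p)
{
    uint32_t r = p->current | p->authorized;
    return (r & PRV_SETPRV) ? (uint32_t)PRV_ALL : r;
}

/* Audit check: does the bitmap collapse to "superuser can do anything"? */
int superuser_equivalent(const struct proc *p)
{
    return reachable(p) == PRV_ALL;
}

int main(void)
{
    struct proc io     = { PRV_NETMBX | PRV_PHY_IO, PRV_NETMBX };  /* constructed */
    struct proc helper = { PRV_TMPMBX | PRV_SETPRV, PRV_TMPMBX };  /* constructed */
    printf("io:     reachable=0x%02x superuser_equivalent=%d\n",
           (unsigned)reachable(&io), superuser_equivalent(&io));
    printf("helper: reachable=0x%02x superuser_equivalent=%d\n",
           (unsigned)reachable(&helper), superuser_equivalent(&helper));
    return 0;
}
```

An audit of installed privileged programs under such a scheme would treat any image whose mask includes the set-privilege bit the same as one granted every bit.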
