> * (as Vadim E. Kogan already pointed out) From security point of view,
> all objects in the system are equal: they all have some rights that they
> can exercise (but no other), even though those rights can differ
> greatly. This diversity is one of the reasons why capability lists won't
> cut it, and it doesn't matter if the list is now 64 (I think the
> original proposal was 32) bits long - in time, this list will only grow
> longer and the system will become less efficient and more complex (mind
> you that complexity and security don't go along very well).
Well, here I can say that with the right approach it can still be
efficient and powerful at the same time, where powerful means allowing
complex configurations. Simplicity can be achieved via reasonable
defaults, which can be tuned in one place. For real security these
defaults should be "no rights" at all, which will make the admin/user give
all rights he wants to give in a separate "order". And to do this you
have to know exactly what you need and how the system works, plus it
takes some time. I guess that's what makes people afraid of "complex"
:)
>
> * You can't make a (good security) pie without breaking the (POSIX)
> eggs..
Agree. And in a perfect system, the user defines not only permissions, but
also rules to use these permissions. But this is not what I or other people
I know want. And this kind of system will be inefficient for practical
purposes. So we're stuck with simpler and less general solutions,
but POSIX seems to be too simple and too "specific" or "non-abstract".
>
> Andrej
>
> --
> Andrej Presern, andrejp@luz.fe.uni-lj.si
Vadim
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu