Both Trusted Solaris and the SecureWare CMW (HP-UX CMW, Digital MLS+,
SCO CMW) use this type of scheme.
SecureWare names the file privilege sets granted and potential,
as opposed to forced and allowed. But in general the concepts
are the same.
This kind of setup allows a secure programming method that is called
"privilege bracketing", in which you drop all effective privileges at
the very beginning of a program, then raise them into the effective
set as needed. This limits the ability of "shellcode" and sub-processes
to do nasty things with privileges.
>Linux currently does not have saved set (AFAIK)
The saved set provides privilege sanity when changing effective UID.
John
--
John Wojtowicz, Secure Systems Engr.      ph:    (703) 318-7134
Trusted Computer Solutions, Inc.          fax:   (703) 318-5041
13873 Park Center Rd. Suite 225           email: jwojtowicz@tcs-sec.com
Herndon, VA 20171                         http://www.tcs-sec.com/
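As an added illustration of the privilege-bracketing pattern described in the post (this is not code from the original message, and not the Trusted Solaris, SecureWare CMW or Linux API), the following C model tracks a permitted set and an effective set for one process: the effective set is emptied at program entry, a privilege is raised only around the operation that needs it and lowered right after, and relinquished from the permitted set once it will never be needed again. The privilege names, the set rules and the "untrusted step" stand-in for injected code or a child process are assumptions made for the model.

```c
/* Constructed model of privilege bracketing (added example; not the Trusted
 * Solaris, SecureWare CMW or Linux API). Privilege names and the set rules
 * below are assumptions made for illustration. */
#include <stdio.h>
#include <errno.h>

typedef unsigned int privset_t;              /* one bit per privilege */

enum {
    PRIV_FILE_DAC_READ = 1u << 0,            /* hypothetical privilege names */
    PRIV_NET_PRIVADDR  = 1u << 1,
    PRIV_SYS_CONFIG    = 1u << 2
};

/* effective: checked by every privileged operation.
 * permitted: the upper bound effective may be raised to ("potential" side). */
struct proc_privs {
    privset_t permitted;
    privset_t effective;
};

/* Program entry: drop every effective privilege, keep permitted for later. */
static void priv_bracket_init(struct proc_privs *p)
{
    p->effective = 0;
}

/* Raise a privilege into effective; refused unless it is permitted. */
static int priv_raise(struct proc_privs *p, privset_t priv)
{
    if ((p->permitted & priv) != priv)
        return -EPERM;
    p->effective |= priv;
    return 0;
}

/* Lower: out of effective, still permitted, so it can be raised again. */
static void priv_lower(struct proc_privs *p, privset_t priv)
{
    p->effective &= ~priv;
}

/* Relinquish: out of permitted as well; it can never be raised again. */
static void priv_relinquish(struct proc_privs *p, privset_t priv)
{
    p->permitted &= ~priv;
    p->effective &= ~priv;
}

/* A privileged operation: needs the privilege to be effective right now. */
static int bind_privileged_port(const struct proc_privs *p)
{
    return (p->effective & PRIV_NET_PRIVADDR) ? 0 : -EACCES;
}

/* What code running in this process at an arbitrary moment (injected code,
 * or a child that inherits the sets) can do: exactly the current effective set. */
static int untrusted_step(const struct proc_privs *p)
{
    return bind_privileged_port(p);
}

/* Bracketed program. Returns 0 if every expectation holds, else the failing step. */
static int bracketing_walkthrough(void)
{
    struct proc_privs p = { PRIV_NET_PRIVADDR | PRIV_FILE_DAC_READ, 0 };
    p.effective = p.permitted;                    /* as handed over at exec */

    priv_bracket_init(&p);                        /* step 1: drop at start */
    if (p.effective != 0) return 1;
    if (untrusted_step(&p) != -EACCES) return 2;  /* nothing to abuse here */
    if (priv_raise(&p, PRIV_SYS_CONFIG) != -EPERM) return 3; /* not permitted */

    if (priv_raise(&p, PRIV_NET_PRIVADDR) != 0) return 4;   /* open bracket */
    if (bind_privileged_port(&p) != 0) return 5;            /* privileged op */
    priv_lower(&p, PRIV_NET_PRIVADDR);                      /* close bracket */
    if (untrusted_step(&p) != -EACCES) return 6;

    priv_relinquish(&p, PRIV_NET_PRIVADDR);       /* port bound; never needed again */
    if (priv_raise(&p, PRIV_NET_PRIVADDR) != -EPERM) return 7;
    return 0;
}

/* Same program without bracketing: effective == permitted throughout,
 * so the untrusted step succeeds. Returns 1 when that exposure exists. */
static int unbracketed_exposure(void)
{
    struct proc_privs p = { PRIV_NET_PRIVADDR | PRIV_FILE_DAC_READ, 0 };
    p.effective = p.permitted;
    return untrusted_step(&p) == 0;
}

int main(void)
{
    printf("bracketed: %d (0 = all checks hold)\n", bracketing_walkthrough());
    printf("unbracketed exposure: %d\n", unbracketed_exposure());
    return 0;
}
```

The two walkthroughs make the point of the post concrete: in the bracketed version the only moments at which a privilege is effective are the lines between the raise and the lower, so code that runs at any other point, including anything a sub-process inherits, holds nothing; in the unbracketed version the same untrusted step succeeds because the effective set was never reduced.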