Full Disclosure mailing list archives

Re: Soft-Chewy insides


From: petard <petard () sdf lonestar org>
Date: Mon, 29 Sep 2003 16:00:26 +0000

On Mon, Sep 29, 2003 at 09:55:18AM -0500, Schmehl, Paul L wrote:
> Furthermore, Unix and Windows don't even agree on what a group is.  Or
> how the rights for that group should be configured.  (Homogeneous
> environments are fairly easy in comparison but still not without their
> problems.)  If, for example, I have a resource which I want to offer to
> some users at a read only level, to others at a read/write level and to
> a few at a full control level, how do I do that in Unix?  Unix only
> understands u-g-a.  In Windows I can "attach" as many groups to a
> resource as I want, each with its own level of access.  And I have
> multiple types of access, not just read, write and execute.  How do I
> integrate these two disparate implementations?  If I want security to be
> granular, how do I do that when heterogeneous resources force me into a
> "least common denominator" scenario?

For that matter, how do you achieve this with Windows 98 shared resources?
You don't specify what sort of UNIX you refer to, but most modern ones
have the facility you describe available.
> That's what I'm referring to when I say "we, as a security community"
> have only begun to try addressing these issues.  Right now,
> organizations pretty much have to "roll their own" - not a very
> efficient way of solving a universal problem.

It's not really a roll your own thing... here is an example of a standard
mechanism for handling your scenario between Windows 2000 and FreeBSD 
(since you didn't specify flavors, I will)
http://www.onlamp.com/lpt/a/4053

I suppose that it might be "roll your own" for some platform combinations,
but this will always be true. You'll never be able to prevent people from
choosing such perverse combinations of platforms that they'll need to
do custom work in some cases.

At any rate, it is not a valid complaint to say that you have no means of
locking down resources; you might argue that it still requires too much
research and specialised knowledge, but that's true about many facets
of computing, not just security.

regards,
petard

--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
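The facility petard points to (several named groups attached to one resource, each with its own rights) is the POSIX.1e ACL support that FreeBSD (UFS2) and Linux expose through setfacl(1)/getfacl(1). The Python model below of that access check is an added example, not code from the post or from the OnLamp article it links; the file name "report", the users alice/vic/ed/ann/guest and the groups viewers/editors/admins are constructed. It walks the three-tier scenario from the quoted message and also shows the one caveat a practitioner should know before relying on ACLs in a mixed environment: once named entries exist, the group triplet of the mode is the mask entry, so a plain chmod g-w quietly caps every named group too.

```python
"""Model of the POSIX.1e ACL access check, the facility FreeBSD (UFS2) and
Linux expose through getfacl(1)/setfacl(1).  Added example, not code from the
original post; file, user and group names are constructed."""

from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

R, W, X = 4, 2, 1  # permission bits, same weights as an rwx mode triplet


def perms(s: str) -> int:
    """Parse 'rwx' / 'r--' / '---' into a bit set."""
    return sum(bit for ch, bit in zip(s, (R, W, X)) if ch != "-")


def rwx(bits: int) -> str:
    return "".join(ch if bits & bit else "-" for ch, bit in zip("rwx", (R, W, X)))


@dataclass
class Acl:
    owner: str
    group: str
    user_obj: int                                         # user::   (owner)
    group_obj: int                                        # group::  (owning group)
    other: int                                            # other::
    users: Dict[str, int] = field(default_factory=dict)   # user:NAME:
    groups: Dict[str, int] = field(default_factory=dict)  # group:NAME:
    mask: int = R | W | X                                 # mask::  caps the group class

    def has_named(self) -> bool:
        return bool(self.users or self.groups)

    def effective(self, bits: int) -> int:
        """mask:: applies to named users, the owning group and named groups."""
        return bits & self.mask if self.has_named() else bits


@dataclass
class Process:
    uid: str
    gids: Set[str]


def access(acl: Acl, proc: Process, want: int) -> bool:
    """POSIX.1e lookup order: owner, named user, group class, other.
    In the group class any matching entry that grants the whole request is
    enough; if none does, access is denied without falling through to other."""
    if proc.uid == acl.owner:
        return want & acl.user_obj == want
    if proc.uid in acl.users:
        return want & acl.effective(acl.users[proc.uid]) == want
    matching = [acl.group_obj] if acl.group in proc.gids else []
    matching += [b for g, b in acl.groups.items() if g in proc.gids]
    if matching:
        return any(want & acl.effective(b) == want for b in matching)
    return want & acl.other == want


def chmod_group_bits(acl: Acl, bits: int) -> None:
    """chmod's group triplet maps onto mask:: once named entries exist, which
    is why a plain 'chmod g-w' silently caps every named group as well."""
    if acl.has_named():
        acl.mask = bits
    else:
        acl.group_obj = bits


def getfacl(acl: Acl, path: str) -> str:
    """Render in getfacl(1)'s text form, with the #effective: annotation it
    prints when mask:: narrows an entry."""
    def entry(kind: str, name: str, bits: int) -> str:
        line = f"{kind}:{name}:{rwx(bits)}"
        eff = acl.effective(bits)
        return line if eff == bits else line + f"\t\t#effective:{rwx(eff)}"

    lines = [f"# file: {path}", f"# owner: {acl.owner}", f"# group: {acl.group}",
             f"user::{rwx(acl.user_obj)}"]
    lines += [entry("user", u, b) for u, b in acl.users.items()]
    lines.append(entry("group", "", acl.group_obj))
    lines += [entry("group", g, b) for g, b in acl.groups.items()]
    if acl.has_named():
        lines.append(f"mask::{rwx(acl.mask)}")
    lines.append(f"other::{rwx(acl.other)}")
    return "\n".join(lines)


def report_acl() -> Acl:
    """The scenario from the thread, one resource with three access tiers.
    Equivalent to:  setfacl -m g:viewers:r,g:editors:rw,g:admins:rwx report"""
    return Acl(owner="alice", group="staff",
               user_obj=perms("rw-"), group_obj=perms("r--"), other=perms("---"),
               groups={"viewers": perms("r--"), "editors": perms("rw-"),
                       "admins": perms("rwx")})


def tier_check(acl: Acl) -> Dict[str, str]:
    """Which of r/w/x each constructed principal actually ends up with."""
    people = {
        "alice (owner)": Process("alice", {"staff"}),
        "vic (viewers)": Process("vic", {"viewers"}),
        "ed (editors)":  Process("ed", {"editors"}),
        "ann (admins)":  Process("ann", {"admins"}),
        "guest (none)":  Process("guest", {"guests"}),
    }
    return {who: rwx(sum(b for b in (R, W, X) if access(acl, p, b)))
            for who, p in people.items()}


def demo() -> Tuple[Dict[str, str], Dict[str, str], str]:
    """Tiers before and after 'chmod g-w report', plus the final getfacl text."""
    acl = report_acl()
    before = tier_check(acl)
    chmod_group_bits(acl, perms("r--"))
    return before, tier_check(acl), getfacl(acl, "report")


if __name__ == "__main__":
    before, after, listing = demo()
    print(before)
    print(after)
    print(listing)
```

Before the chmod, viewers get r--, editors rw-, admins rwx and an outsider nothing; afterwards editors and admins are both cut to r-- even though their entries still read rw- and rwx, and getfacl shows that as `#effective:r--`. Two limits of the mapping are worth keeping in mind: a POSIX.1e entry only ever carries rwx, and changing the ACL itself stays with the file owner and root, so the Windows notion of "full control" (which includes changing permissions and taking ownership) has no single ACL entry to map onto.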
