Full Disclosure mailing list archives
Counseling not to use Windows (was Re: Anonymous surfing my ass\!)
From: full-disclosure () lists netsys com (David F. Skoll)
Date: Mon, 15 Jul 2002 18:44:58 -0400 (EDT)
On Mon, 15 Jul 2002, Roland Postle wrote:
Agreed complexity is the enemy of security, but unix file permissions are nothing but an unfortunate relic of the past.
Not arguing with that. UGO are simple, but not very flexible. They can be made to work well in most situations, though, especially if you use the modern setup whereby each user has his own group, and then you make additional groups for projects.
Then we come to the suid/sgid bits. What are they really about? It took me over a year of using unix to figure it out. If this file is executed it runs in the security context of it's owner and/or group. Is that a permission?
Nope. It's a "file mode".
The idea is to create 'program domains' (what a program can do or can't do, as opposed to what a user can do or can't do), but the fact that they're implemented as user domains is another fudge. And an extremely confusing one at that, because many unix programmers don't fully understand the distinction.
Actually, I find suid/sgid very easy to understand. They can be explained in a single sentence. And implementing program domains as user domains is necessary in UNIX because of the design. It might not be a pretty design, but it works, and (more importantly) doesn't have any fundamental security problems. For very security-sensitive applications, this might not be good enough. enough. NSA's SELinux has proper program domains and very fine-grained control over what each program can do. Internally to the Linux kernel, there are finer-grained "capabilities", but there's no agreement on how to map these to the file system.
Windows is no less confusing, but as Paul pointed out, it is at least functional.
Aw, come on. :-) The UNIX model is pretty functional too. -- David.
Current thread:
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) Paul Schmehl (Jul 14)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) hellNbak (Jul 14)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) David F. Skoll (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) Roland Postle (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) David F. Skoll (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) Roland Postle (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) Steve (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) David F. Skoll (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) Steve (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) Roland Postle (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) David F. Skoll (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) David F. Skoll (Jul 15)
- Counseling not to use Windows (was Re: Anonymous surfing my ass\!) hellNbak (Jul 14)