On Mon, 28 Feb 2000, Jesse Pollard wrote:
> firstname.lastname@example.org (Jonathan Corbet):
> >Just for the sake of discussion, I would like to toss out this idea one
> >more time. VMS handled the association of privileges (i.e. "capabilities")
> >via a central database. For any executable to run with privilege, it had
> >to be "installed" as a "known image," with the privileges spelled out.
> >Executables so installed were protected from modification thereafter.
> >This approach eliminates the problem of finding the programs with
> >capabilities - they are all listed in one place. There are no issues with
> >privileged programs on remotely mounted filesystems. It works with all
> >filesystem types, and should not require changes to any of them.
> >Implementation should be relatively simple.
> VMS had a lot going for it.. except company support (it was overpriced).
> The VMS filesystem only allowed one link to a file. If a second occured,
> then it was listed as an error.
Nope, you can have zero, one, or many names for a file. One of them is
special in that the file header backlinks to it, but that's the only thing
the filesystem does to make one name any sort of standard. I don't recall
whether INSTALL barks when handed a multilinked file, but it makes good
> The central database assumed that the
> only path to a program was the one it was registered with. Now if it used
> the inode, maybe. But what about mountable file systems. If a mount point
> moved, does that mean the registry also changed?
It means that the image(s) on that volume won't be privileged until the
sysadmin changes the Known Files List. Read on.
> VMS didn't allow privleged
> programs to reside anywhere except the system disk.
Hmmm, I don't recall such a restriction. There's no need: known files
are held open, so you can't dismount the volume they're on. Okay, you can
take the pack off without DISMOUNTing it, and screw on a new pack, but the
results won't be useful.
-- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu "Where's the kaboom? There was supposed to be an Earth-shattering kaboom!" -- Marvin Martian, 01/01/2000 00:00:00
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to email@example.com Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:22 EST