Re: Capabilities

From: Mark H. Wood (mwood@IUPUI.Edu)
Date: Tue Feb 29 2000 - 13:20:23 EST

Next message: Lech Szychowski: "2.3.48, NCR53C81a and CD-ROM"
Previous message: Alexander Viro: "Re: 2.3.48 devfs problem"
In reply to: Jesse Pollard: "Re: Capabilities"
Next in thread: Peter T. Breuer: "Re: Capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 28 Feb 2000, Jesse Pollard wrote:
> corbet-lk@eklektix.com (Jonathan Corbet):
> >Just for the sake of discussion, I would like to toss out this idea one
> >more time. VMS handled the association of privileges (i.e. "capabilities")
> >via a central database. For any executable to run with privilege, it had
> >to be "installed" as a "known image," with the privileges spelled out.
> >Executables so installed were protected from modification thereafter.
> >
> >This approach eliminates the problem of finding the programs with
> >capabilities - they are all listed in one place. There are no issues with
> >privileged programs on remotely mounted filesystems. It works with all
> >filesystem types, and should not require changes to any of them.
> >Implementation should be relatively simple.
>
> VMS had a lot going for it.. except company support (it was overpriced).
> The VMS filesystem only allowed one link to a file. If a second occured,
> then it was listed as an error.

Nope, you can have zero, one, or many names for a file. One of them is
special in that the file header backlinks to it, but that's the only thing
the filesystem does to make one name any sort of standard. I don't recall
whether INSTALL barks when handed a multilinked file, but it makes good
sense.

> The central database assumed that the
> only path to a program was the one it was registered with. Now if it used
> the inode, maybe. But what about mountable file systems. If a mount point
> moved, does that mean the registry also changed?

It means that the image(s) on that volume won't be privileged until the
sysadmin changes the Known Files List. Read on.

> VMS didn't allow privleged
> programs to reside anywhere except the system disk.

Hmmm, I don't recall such a restriction. There's no need: known files
are held open, so you can't dismount the volume they're on. Okay, you can
take the pack off without DISMOUNTing it, and screw on a new pack, but the
results won't be useful.

-- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu "Where's the kaboom? There was supposed to be an Earth-shattering kaboom!" -- Marvin Martian, 01/01/2000 00:00:00

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Lech Szychowski: "2.3.48, NCR53C81a and CD-ROM"
Previous message: Alexander Viro: "Re: 2.3.48 devfs problem"
In reply to: Jesse Pollard: "Re: Capabilities"
Next in thread: Peter T. Breuer: "Re: Capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:22 EST