On Sat, Jan 05, 2002 at 01:42:54AM +0100, Praise wrote:
> It sounds new to me. Can you give me a pointer to some basic information
> about this?

Sadly, I don't know the full history on the POSIX.1e security -- it appears to be one of the pockmarked-with-failure standards efforts.

The story, as I know it, is that POSIX.1e was going to be a simple and straightforward recommendation on slightly more advanced security technologies than unix historical security. As the committees were working on it, more and more proposals were made that extended the ACLs and so forth well beyond well-known, well-used ACLs to areas that were rightly still experimental. In the end, the committees 'unproposed' the standard -- they removed their work from the POSIX standards track.

Thus, POSIX.1e is actually _not_ a standard -- all that is left is their last working drafts, which is what has been implemented in many commercial unix systems, as well as many of the free systems.

I've heard that the POSIX.1e drafts are floating around, and if you ask in the right group of people, someone kind might send it to you, but a few minutes of googling hasn't turned it up in the past. (Well, it did, but invariably the hosting site was down.)

In the Linux kernel, the work of the POSIX.1e security changes mostly manifests itself with the 'capable()' function/macro (I forget which, and my kernel source trees all follow the Linux Security Module project, which has replaced the capable() calls in a fashion that makes the discussion difficult to continue :). The ACLs/extended attributes haven't made it into a mainline linux kernel yet ..

http://acl.bestbits.at/
http://lsm.immunix.org/
http://wt.xpilot.org/publications/posix.1e/

And, of course, google. :)

--
The Bill of Rights: 7 out of 10 rights haven't been sold yet! Contact your congressman for details how *you* can buy one today!