Re: Permission systems with ACLs (was RE: About the login shell)

2002-08-22 Thread Lionel Elie Mamane
On Wed, Aug 21, 2002 at 03:05:20PM -0500, Tom Hart wrote: Lionel Elie Mamane wrote: On Wed, Aug 21, 2002 at 11:29:04AM -0500, Tom Hart wrote: The one thing about NT's approach that I think is good is the presence of Deny ACEs. I feel like one can't have Deny ACEs without order dependency.

Re: Permission systems with ACLs (was RE: About the login shell)

2002-08-22 Thread PUYDT Julien
On Thu 22/08/2002 at 08:37, Lionel Elie Mamane wrote: Why the hell have you created Untrusted Students in the first place? If you have created that group, you already think in a Deny ACE way. If, at group creation time, you keep in mind that a group is used only to give additional rights,

Re: ACLs {Was: About the login shell}

2002-08-22 Thread Michal 'hramrach' Suchanek
On Wed, Aug 21, 2002 at 08:33:24AM +0200, Lionel Elie Mamane wrote: Does this version of ACL's calm your fears of ACL's being unintuitive? I think Novell Netware had even more intuitive ACLs (but hard for the OS). They were Supervisory, Read, Write, Create, Erase, Modify attributes, see the

Re: ACLs {Was: About the login shell}

2002-08-22 Thread Jeff Bailey
On Thu, Aug 22, 2002 at 02:25:48PM +0200, Michal 'hramrach' Suchanek wrote: Does this version of ACL's calm your fears of ACL's being unintuitive? I think Novell Netware had even more intuitive ACLs (but hard for the OS). The Netware trustee system was amazing, I wish for it almost every

Re: ACLs {Was: About the login shell}

2002-08-22 Thread Sean Neakums
commence Jeff Bailey quotation: The Netware trustee system was amazing, I wish for it almost every day that I sysadmin. There's a project on sourceforge to implement it (google for 'trustee'). It's sad that because it's not Posix, few people will ever implement it, though. I seem to

Re: About the login shell

2002-08-21 Thread Lionel Elie Mamane
On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote: ACL's (Access Control Lists, for those who haven't heard the term before), allow the administrator to have more fine-grained control over access to the system. However, the only system I'm familiar with that uses them is Windows

Re: About the login shell

2002-08-21 Thread Lionel Elie Mamane
On Wed, Aug 21, 2002 at 08:33:24AM +0200, Lionel Elie Mamane wrote: And only this file's ACL matters. There is no concept of inheritance. Err... A slight error here. As with normal Unix permission bits, you must have x permission to the directory, and its parent, and its parent's parent, etc to

Re: About the login shell

2002-08-21 Thread Marcus Brinkmann
On Wed, Aug 21, 2002 at 10:25:10AM +0800, [EMAIL PROTECTED] wrote: I investigated file permissions for the Hurd a couple of years ago. The upstream maintainer of fileutils (Michael Stone I think it was?) told me the Hurd shouldn't bother with the extra permission bits for the unauthenticated

Re: About the login shell

2002-08-21 Thread Marcus Brinkmann
On Wed, Aug 21, 2002 at 05:36:47AM +0200, Wolfgang Jährling wrote: It is so obvious that one does not want this on a secured system that one certainly won't forget to change it. Therefore, if you really want to improve security, you should maybe look somewhere else. According to the BTS

Re: About the login shell

2002-08-21 Thread Robert Millan
On Wed, Aug 21, 2002 at 05:36:47AM +0200, Wolfgang Jährling wrote: It is so obvious that one does not want this on a secured system that one certainly won't forget to change it. Therefore, if you really want to improve security, you should maybe look somewhere else. According to the BTS

Re: About the login shell

2002-08-21 Thread Tom Hart
Lionel Elie Mamane wrote: On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote: ACL's (Access Control Lists, for those who haven't heard the term before), allow the administrator to have more fine-grained control over access to the system. However, the only system I'm familiar with

Re: About the login shell

2002-08-21 Thread Lionel Elie Mamane
On Wed, Aug 21, 2002 at 11:29:04AM -0500, Tom Hart wrote: Lionel Elie Mamane wrote: On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote: Maybe I should describe what I know of the ACL's implemented on top of Unix then: I had some experience with a Solaris system, and I heard that the

Permission systems with ACLs (was RE: About the login shell)

2002-08-21 Thread Tom Hart
Lionel Elie Mamane wrote: On Wed, Aug 21, 2002 at 11:29:04AM -0500, Tom Hart wrote: Lionel Elie Mamane wrote: On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote: The one thing about NT's approach that I think is good is the presence of Deny ACEs. I feel like one can't

Re: About the login shell

2002-08-20 Thread Robert Millan
On Tue, Aug 20, 2002 at 03:15:22AM +0200, Marcus Brinkmann wrote: On Tue, Aug 20, 2002 at 03:15:49AM +0200, Robert Millan wrote: Do we have file permission bits for the unauthenticated user? Yes. And a bit to control if it should use those or the o bits. Currently, the default is to use

Re: About the login shell

2002-08-20 Thread Lionel Elie Mamane
On Tue, Aug 20, 2002 at 05:28:12PM +0200, Robert Millan wrote: On Tue, Aug 20, 2002 at 03:15:22AM +0200, Marcus Brinkmann wrote: On Tue, Aug 20, 2002 at 03:15:49AM +0200, Robert Millan wrote: Do we have file permission bits for the unauthenticated user? Yes. And a bit to control if it

Re: About the login shell

2002-08-20 Thread Tom Hart
Lionel Elie Mamane wrote: On Tue, Aug 20, 2002 at 05:28:12PM +0200, Robert Millan wrote: On Tue, Aug 20, 2002 at 03:15:22AM +0200, Marcus Brinkmann wrote: On Tue, Aug 20, 2002 at 03:15:49AM +0200, Robert Millan wrote: Do we have file permission bits for the unauthenticated

Re: About the login shell

2002-08-20 Thread Jason Dagit
On Tue, 20 Aug 2002, Sean Neakums wrote: That came from the Orange Book security guidelines, I believe. The idea is that the SAS (secure attention sequence) is not overrideable and thus the user can be sure that once the sequence has been entered he is communicating with the OS and not

Re: About the login shell

2002-08-20 Thread Moritz Schulte
Jason Dagit [EMAIL PROTECTED] writes: It is a programmable interrupt, you just overwrite the function pointer the OS wants to use with your value. Well, note the difference: * login-fake-program-0 is simply a normal user program, which displays a login screen and receives the password. No

Re: About the login shell

2002-08-20 Thread Robert Millan
On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote: However, the only system I'm familiar with that uses them is Windows NT/2K/XP. In my experience, they actually make the system less secure, because they are much less intuitive to work with than the standard UN*X file permissions.

Re: About the login shell

2002-08-20 Thread Marcus Brinkmann
On Tue, Aug 20, 2002 at 09:57:14AM -0700, Jason Dagit wrote: I guess my problem is that I don't believe that having the OS trap ctrl-alt-del, and then using that to start the login is any safer. The problem is in what you believe, not the object of your belief. Security is not only measured by

Re: About the login shell

2002-08-20 Thread Tom Hart
Robert Millan wrote: On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote: I assume that the Hurd is sticking with the traditional UN*X model because most sysadmins who are used to UNIX will find this easier to work with. Furthermore, switching to an ACL-based model would probably break

Re: Permission models [was: Re: About the login shell]

2002-08-20 Thread Wolfgang Jährling
Lionel Elie Mamane [EMAIL PROTECTED] wrote: On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote: I assume that the Hurd is sticking with the traditional UN*X model because most sysadmins who are used to UNIX will find this easier to work with. Hmm... The Hurd clearly departs from

Re: About the login shell

2002-08-20 Thread Hubert Chan
Tom == Tom Hart [EMAIL PROTECTED] writes: Tom However, wouldn't it still be necessary to patch programs written Tom for the traditional UN*X model so that they could see the ACL's, Tom and respect the more fine-grained control when present? FWIW, there are already Linux patches out there, that

Re: About the login shell

2002-08-20 Thread bobstopper
I investigated file permissions for the Hurd a couple of years ago. The upstream maintainer of fileutils (Michael Stone I think it was?) told me the Hurd shouldn't bother with the extra permission bits for the unauthenticated user since the problem would be much more effectively solved by ACLs. He

Re: About the login shell

2002-08-20 Thread Wolfgang Jährling
Moritz Schulte [EMAIL PROTECTED] wrote: One of the few reasons for the login shell, which come to my mind, is: it is nice to demonstrate our feature of having zero auth handles. (Using the terminology from auth.defs, the login shell actually has an auth handle, it is just associated with four

Re: About the login shell

2002-08-20 Thread David Walter
[EMAIL PROTECTED] writes: I investigated file permissions for the Hurd a couple of years ago. The upstream maintainer of fileutils (Michael Stone I think it was?) told me the Hurd shouldn't bother with the extra permission bits for the unauthenticated user since the problem would be much more

About the login shell

2002-08-19 Thread Moritz Schulte
Hi, I want to start this thread, because I think there is something wrong with the GNU default login method. The question about the sense of the login shell should maybe be asked again at this time. What are the advantages and, which is IMHO even more important, what are the disadvantages of it?

Re: About the login shell

2002-08-19 Thread Marcus Brinkmann
On Tue, Aug 20, 2002 at 12:07:56AM +0200, Moritz Schulte wrote: James Morrison [EMAIL PROTECTED] writes: Also, as you previously mentioned there is no power in this login shell so we aren't leaving open doors all over the place. Wait. As the system is right now, there's a lot of power

Re: About the login shell

2002-08-19 Thread Moritz Schulte
Marcus Brinkmann [EMAIL PROTECTED] writes: Well, because if you need a secure console (eg, if the computer is accessible in public), you need to take a lot of extra steps anyway to secure the machine: You need to set a BIOS and GRUB password, for example. Of course! Don't get me wrong, I

Re: About the login shell

2002-08-19 Thread Roland McGrath
For the GNU system, the issue of paramount importance is that all security decisions be a matter of local administrative choice rather than imposed by the system. For the base installation, we use the choices that we (the Hurd developers) like for our own machines and you don't have to like those

Re: About the login shell

2002-08-19 Thread Jason Dagit
Marcus these are my feelings exactly. I think having to type login to login is redundant. Just like win2k where you type ctrl-alt-del (which according to MS improves security), before you login. I think the normal case is logging in, and that is someone wants to use some other feature without

Re: About the login shell

2002-08-19 Thread Marcus Brinkmann
On Tue, Aug 20, 2002 at 01:20:59AM +0200, Moritz Schulte wrote: Let me describe my view like this: when I ask a company to build a house for me, I simply expect the doors to have locks, to offer at least some kind of protection. Well, I guess we could argue hours about this :) Like, I could

Re: About the login shell

2002-08-19 Thread Marcus Brinkmann
On Tue, Aug 20, 2002 at 03:15:49AM +0200, Robert Millan wrote: Do we have file permission bits for the unauthenticated user? Yes. And a bit to control if it should use those or the o bits. Currently, the default is to use the o bits, but we are not sure if we shouldn't change that. What you