From: urlichs@smurf.sub.org (Matthias Urlichs) Subject: Re: Access control lists and Linux Date: 20 Apr 1993 22:46:14 +0200
In comp.os.linux, article <1qo2p8$8aj@walt.ee.pdx.edu>,
gary@acacia (Gary Moyer) writes:
> hpa@merle.acns.nwu.edu (H. Peter Anvin N9ITP) writes:
> :
> : Let each filesystem be mounted with or without access daemon support
> : (with for flexible security, without for speed). If the kernel
> : detects a permission mismatch, it will call up (through some standard
> : interface) `accessd' which (of course) runs as root. It informs
> : accessd of uid, gid(s) and filename, and accessd returns the
> : permissions approved to the kernel. Alternatively `accessd' could be
> : a part of the kernel, but it *would* be bloat....
> :
> We're back at the square where we started from. The main, and most important
> advantage I can see, to ACL's is that you have an _independent_ access level
> that cannot be compromised by the lower level access levels (i.e. unix
> file permissions).
>
Hmm... this can be prevented if the file system uses a special inode for the
ACL file which doesn't have a directory entry (just like the bad-blocks file
or in fact the root directory) which the mount system call could open and
return an open file descriptor for.
--
Liko, you don't want to kill me.
-- Troi, "Who Watches the Watchers?",
stardate 43173.5
--
Matthias Urlichs -- urlichs@smurf.sub.org -- urlichs@smurf.ira.uka.de /(o\
Humboldtstrasse 7 -- 7500 Karlsruhe 1 -- Germany -- +49-721-9612521 \o)/