Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84 exptools; site ho95e.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxt!houxm!ho95e!wcs
From: wcs@ho95e.UUCP (x0705)
Newsgroups: net.unix-wizards
Subject: Re: implementing access control lists in 4.2bsd
Message-ID: <121@ho95e.UUCP>
Date: Thu, 20-Jun-85 19:09:08 EDT
Article-I.D.: ho95e.121
Posted: Thu Jun 20 19:09:08 1985
Date-Received: Fri, 21-Jun-85 02:34:17 EDT
References: <425@linus.UUCP>
Distribution: net
Organization: AT&T Bell Labs, Holmdel NJ
Lines: 24

> so, I implemented access control lists in UNIX.  [.....]
>
>...  the changes to the kernel were very minor:  two new system calls were
> 
> /jeff
> 
>   security!jjg@mitre-bedford.ARPA				(MIL)
>  {allegra,ihnp4,utzoo,philabs,uw-beaver}!linus!security!jjg	(UUCP)

At the Dallas USENIX, Dan Klein of Avatar gave a paper on "A Capability Based
Protection Mechanism Under UNIX".  He wanted the same kind of flexibility you
wanted, written in a portable way without kernel hacking.  So he invented
Capa's.  A capa is a program you can give somebody which gives them permission
to do <something> and/or <anything> to one or more files that belong to you.
Capa's appear to be secure and flexible, and they're portable (V6, V7, 4.2BSD,
System III, System V!)  The code for them is described in the paper.
(There's a typo on the last-4th line; change "*execv = 0" into "*ev = 0".)
Dan's mailing address is listed as 
	{mcnc,decvax,floyd}!dls!mi-cec!dvk
	Dan.Klein@CMU-CS-A.ARPA
but you should really get the procedings from the conference so you can read
the other papers also.
-- 
Bill Stewart, AT&T Bell Labs, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs