Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!ll-xn!cit-vax!oberon!bloom-beacon!langz
From: langz@athena.mit.edu (Lang Zerner)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <1144@bloom-beacon.MIT.EDU>
Date: Wed, 15-Jul-87 20:16:36 EDT
Article-I.D.: bloom-be.1144
Posted: Wed Jul 15 20:16:36 1987
Date-Received: Sat, 18-Jul-87 04:30:17 EDT
References: <1334@ssc-vax.UUCP>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: langz@athena.mit.edu (Lang Zerner)
Organization: Massachusetts Institute of Technology
Lines: 70
Keywords: security

In article <1334@ssc-vax.UUCP> herber@ssc-vax.UUCP (David A Wilson) writes:
>The articles refer to requirements for computer security categories
>referred to by designators such as: C1, C2, B1, B2, A1. There was an article
>in Unix Review a few months ago about how unix fits in to these categories.
>According to the article, Unix can satisfy levels up to C2 without any
>significant changes, but no higher. The problem occurs at level B1 which
>requires access-lists for files.
>
> The issue I would like to discuss is why are access-lists considered
>more secure than unix-style owner/group/other permission (as the specification
>seems to apply)? Are there any studies that show this? I can see no reason
>that unix permissions cannot provide equivalent level of data access
>protection to access-lists. With multiple group membership, such as provided
>in BSD Unix, file access can be controlled to any level desired.
>
> Does anyone have any other thoughts on this subject?

I agree with David that the owner/group/other permissions are sufficient.
All that is needed to obtain access lists for files is to have a
corresponding group for every file in the system. To implement file access
lists using the permissions system, all that would be necessary would be to
have each file have its own entry in /etc/group, along with the appropriate
permissions.

For example, if user joeschmoe creates a file called 'libX.a' in
/usr/joeschmoe, an addition would be made to /etc/group consisting of a line
reading:

	/usr/joeschmoe/libX.a:::joeschmoe

(where is a unique group number such as the highest existing group number
+ 1; if /etc/group needs all alphanumeric group *names*, unique names can be
generated in a similar manner) and default permissions -rwxrwx---.

To add people to the access list for the file, simply append their names to
the end of the /etc/group name of the file. So to add user jruser to the
access list for /usr/joeschmoe/libX.a, you simply add to the above /etc/group
line to yield:

	/usr/joeschmoe/libX.a:::joeschmoe,jruser

Using this system, the owner of the file can deny access to the file to
anyone in the group, or allow access to the world, by using chmod. Two ways
exist to add users to the access list: (1) to add specific users, contact a
superuser (who presumably is trusted to be responsible for the security of
the system), since only root can modify /etc/group; and (2) if you created
the file, use chmod to allow world access. If it is not appropriate to allow
nonroot users to allow world access, root creates the file.

The only modification to unix per se to implement this system is one that
would create the entry in /etc/group (i.e. generating a unique group number,
etc) whenever a file is *first* created. After that, all that would be
needed is a set of superuser utilities for effecting the modifications to
/etc/group, such as:

	addaccess (which would add to the access list for )

along with other utilities for removing access, etc.

There will probably be arguments regarding disk space usage, etc, but
remember that no matter how you slice it, you've got to put the access lists
*somewhere*. Also, I don't know how difficult it would be to make that one
modification that adds the /etc/group entry at first creation of a file.
The only seemingly efficient thing would be to modify whatever routine
creates the directory entry.

Any thoughts, unix hackers and wizards? Is it really as simple as it seems?

------------------------------------------------------------------------------
Lang Zerner
ARPA/Internet: langz@athena.mit.edu
UUCP/Usenet:   ...{mirror|seismo|blblbl}!mit-eddie!langz@athena
USPS:          P.O. Box 247, M.I.T. Branch, Cambridge, MA 02139
Phone:         617/628-7156
"Nothing is ever accomplished by a reasonable man." -- George Bernard Shaw
==============================================================================
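The one-group-per-file scheme proposed in the post above, as an added example that is not part of the original article: it runs against a constructed copy of /etc/group (never the real one), assumes the classic `name:passwd:gid:members` layout, follows the post's convention of using the file's pathname as the group name, and the helper names `next_gid`, `register_file` and `access_list` are my own (only `addaccess` comes from the post).

```shell
#!/bin/sh
# Added example, not from the original post: the per-file group scheme on a
# constructed copy of /etc/group. The group *name* is the file's pathname,
# as the post proposes (a real group file may require alphanumeric names).
GROUPFILE=$(mktemp)
cat > "$GROUPFILE" <<'EOF'
wheel:*:0:root
staff:*:20:joeschmoe,jruser
EOF

# next_gid: highest existing group number + 1, as the post suggests.
next_gid() {
    awk -F: 'BEGIN { m = 0 } $3 + 0 > m { m = $3 + 0 } END { print m + 1 }' "$GROUPFILE"
}

# register_file FILE OWNER: the entry the post wants created when a file is
# first made; the owner starts as the only member. Idempotent.
register_file() {
    if awk -F: -v f="$1" '$1 == f { found = 1 } END { exit !found }' "$GROUPFILE"; then
        return 0   # already registered
    fi
    printf '%s:*:%s:%s\n' "$1" "$(next_gid)" "$2" >> "$GROUPFILE"
    # On a live system the file itself would then get: chgrp "$1" "$1"; chmod 770 "$1"
}

# addaccess USER FILE: append USER to FILE's member list unless already there.
addaccess() {
    awk -F: -v OFS=: -v f="$2" -v u="$1" '
        $1 == f && index("," $4 ",", "," u ",") == 0 { $4 = ($4 == "") ? u : $4 "," u }
        { print }' "$GROUPFILE" > "$GROUPFILE.new" && mv "$GROUPFILE.new" "$GROUPFILE"
}

# access_list FILE: print the current member list (the "access list") for FILE.
access_list() {
    awk -F: -v f="$1" '$1 == f { print $4 }' "$GROUPFILE"
}

# Demonstration with the post's own names.
register_file /usr/joeschmoe/libX.a joeschmoe
addaccess jruser /usr/joeschmoe/libX.a
cat "$GROUPFILE"
```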