Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ukma!uflorida!novavax!twwells!bill
From: bill@twwells.uucp (T. William Wells)
Newsgroups: comp.unix.wizards
Subject: Re: Enforcing Permissions
Message-ID: <902@twwells.uucp>
Date: 6 May 89 15:41:20 GMT
References: <8134@phoenix.Princeton.EDU>
Reply-To: bill@twwells.UUCP (T. William Wells)
Distribution: usa
Organization: None, Ft. Lauderdale
Lines: 14
Summary:
Expires:
Sender:
Followup-To:
Keywords:

In article <8134@phoenix.Princeton.EDU> bernsten@phoenix.Princeton.EDU (Dan Bernstein) writes:
: There is a fundamental problem with UNIX security that alone prevents
: acceptance of UNIX at the B1 security classification or above: It is
: not possible to cure a security violation, only to prevent it. There
: is no way for a user to close a hole that is being used.
:
: For example, access permissions on a file are only checked at the time
: of an open(). Once a process has a file open, there is no way to force
: it to give up the file descriptor.

Kill -9 might be overkill, but it certainly would do the job.

---
Bill                            { uunet | novavax } !twwells!bill