Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: What kinds of things would you want in the GNU OS?
Summary: Be compatible, be compatible, be compatible ...
Message-ID: <16597@rpp386.Dallas.TX.US>
Date: 29 May 89 17:44:05 GMT
References: <106326@sun.Eng.Sun.COM> <4315@ficc.uu.net>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Organization: River Parishes Programming, Plano TX
Lines: 42

In article <4315@ficc.uu.net> peter@ficc.uu.net (Peter da Silva) writes:
>In article <106326@sun.Eng.Sun.COM>, news@sun.Eng.Sun.COM (news) writes:
>> Security: ACLs?
>
>Perhaps. This would solve the bits-in-st_flags problem.

It would also solve the problem of being compatible with UNIX ;-)

Any secured filesystem solution must address backwards compatibility.
Stealing bits from st_mode [ there is not a st_flags field in a struct
stat ] is only going to wreak havoc on a large body of software which
knows about st_mode bits.

>> Get rid of root?
>
>Hmmm. Go to something like DEV:path as per VMS/AmigaDOS/MSDOS/...?
>Handy, particularly if you have assigns. But too many incompatibilities.

I think he meant getting rid of UID == 0 being a privileged user.
Again, this is an Orange Book requirement. It also makes much sense.
Programs should have privilege, not users. The ability to access a
program can then be limited to a collection of users or groups. Or use
/etc/group to allow some group of users to newgrp to an administrative
account.

The group ``dumpers'' might exist for persons taking file system dumps.
All of the dumpable devices would then have file group ``dumpers''.
Root wouldn't have to be used for dumps any longer.

>> Security monitors? Auditing?
>> Provably secure(A1)?
>
>Not possible, I think, with the resources GNU has.

GNU, as distributed directly from FSF, might exist in some secure form.
As hacked on by some random collection of bodies before reaching me will
never be considered trustable.
-- 
John F. Haugh II                        +-Button of the Week Club:-------------
VoiceNet: (512) 832-8832   Data: -8835  | "AIX is a three letter word,
InterNet: jfh@rpp386.Cactus.Org         |  and it's BLUE."
UucpNet : !bigtex!rpp386!jfh            +--------------------------------------