Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!bloom-beacon!bu-cs!bzs
From: bzs@bu-cs.BU.EDU (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: New (GNU) kernels--what I think
Message-ID: <32063@bu-cs.BU.EDU>
Date: 1 Jun 89 00:26:59 GMT
References: <2501@gandalf.UUCP> <13488@swan.ulowell.edu>
Organization: Boston U. Comp. Sci.
Lines: 31
In-reply-to: arosen@hawk.ulowell.edu's message of 31 May 89 15:51:03 GMT

The problem with VMS's privilege bits is that it's just a grab-bag of
privileges roughly modeled on the system resource categories, but not
what you might do with access to them. It seems to have basically
accreted over time with only a little thought to how they might be
used.

The result is that the privilege required to do something reasonable
(like create a global mailbox for IPC programming) often gives you the
ability to do something non-obvious and damaging. And it's the
non-obvious and damaging part that often leads systems admins down the
garden path. See, the model is based on resources, not the power
access to those privileges (resources) grants.

Unix, on the other hand, has basically no model for privileges. All
you can do is grant the rights of another user or group with little
information on what that might imply. I've seen new users write setuid
shell scripts to allow a friend the right to put files into his/her
directory tree. They understand what the problem with this is when you
explain it to them but rarely seem to come up with this prudence on
their own.

It's a problem waiting for yet another solution (model). Even as we
retreat to personal computing environs we simply off-put the access
problems to network resources.

This one requires hard thought.

-- 
-Barry Shein

Software Tool & Die, Purveyors to the Trade
1330 Beacon Street, Brookline, MA 02146, (617) 739-0202
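The setuid-shell-script habit Shein describes hands a friend the owner's entire identity to obtain one narrow right (writing into a directory). The following added example, written for this edit and not part of Shein's post, shows the least-privilege alternative that Unix already offers, a group-owned directory with the setgid bit, next to an audit that lists setuid/setgid files under a tree so that such scripts can be found. It assumes POSIX sh with `find`, `chmod`, `chgrp`, `id` and `mktemp`, and uses the caller's own primary group in the demonstration; the function names `make_dropbox`, `find_setid`, `count_setid` and `has_setgid_dir` are this example's own. (Modern kernels such as Linux ignore the setuid bit on interpreted scripts, but the bit still marks exactly the files an audit should question.)

```shell
#!/bin/sh
# Added example, not from the original post. Assumes POSIX sh plus find, chmod,
# chgrp, id and mktemp. The function names are this example's own.

# make_dropbox DIR GROUP
# Creates DIR, gives it to GROUP and sets mode 2770:
#   rwx for owner and group, nothing for others, plus the setgid bit so that
#   files created inside inherit GROUP rather than the creator's primary group.
# This grants one right (write into this directory) instead of the whole
# identity of the owner, which is what a setuid script would hand out.
make_dropbox() {
    dir=$1
    grp=$2
    mkdir -p "$dir" || return 1
    chgrp "$grp" "$dir" || return 1
    chmod 2770 "$dir" || return 1
}

# find_setid TREE
# Prints regular files under TREE carrying the setuid (4000) or setgid (2000)
# bit. Shell scripts appearing here are the case the post warns about.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# count_setid TREE -> number of setuid/setgid regular files under TREE
count_setid() {
    find_setid "$1" | wc -l | tr -d ' '
}

# has_setgid_dir DIR -> succeeds if DIR is a directory with the setgid bit set
has_setgid_dir() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -2000 -print)" ]
}

# Demonstration on a constructed temporary tree.
demo() {
    tree=$(mktemp -d)
    # The anti-pattern: a setuid shell script (constructed here, never executed).
    printf '#!/bin/sh\ncp "$1" "$HOME"/incoming/\n' > "$tree/give.sh"
    chmod 4755 "$tree/give.sh"
    # The alternative: a setgid, group-writable drop directory.
    make_dropbox "$tree/incoming" "$(id -gn)"
    echo "setuid/setgid files under $tree:"
    find_setid "$tree"
    if has_setgid_dir "$tree/incoming"; then
        echo "$tree/incoming is a setgid group drop directory"
    fi
    rm -rf "$tree"
}

demo
```

Running the script prints the path of the constructed `give.sh` as the one setuid file and confirms the drop directory is setgid; on a real system `find_setid /home` (or any tree users can write to) gives the same inventory for review.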