HP3000-L Archives

February 1997, Week 1

HP3000-L@RAVEN.UTC.EDU

Date: Sun, 2 Feb 1997 14:36:00 +0100
Content-Type: text/plain
Parts/Attachments: POSIX (34 lines)

Recently Chris Breemer and Mark Bixby discussed the
fact that "appropriate privileges" for POSIX setuid()
means having PM capability and having called GETPRIVMODE().

During the discussion one or the other mentioned that
programs using PRIV MODE have to reside in MPE groups
whereas "normal" programs can (nowadays) also "live"
in HFS directories.

I do *not* consider this a "halfhearted" POSIX
implementation but a security feature instead!

Allowing PM programs only in MPE groups which have PM
capability makes it possible for the system manager to
get those powerful but potentially dangerous programs
under strict control.

If PM programs could be run everywhere, then every user
would be able to restore or file-transfer a PM program
into his home-group and run it, possibly exploiting it
to breach security or compromise system integrity! :-(

Notice that unlike Unix where the "power" is associated
with the "superuser" id 0, there is a concept of user
and/or program capabilities on MPE. And a program with
special capabilities needs to reside in "proper places".

HFS directories do not have associated capabilities like
MPE groups and thus are not "appropriate" for PM prog's.

Hope this doesn't add too much confusion...

:-) Lars
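The placement argument Lars makes above, as an added example that is not part of the original post and not MPE/iX code: a small Python model of the two rules being contrasted. The MPE rule grants privileged mode only when the program file carries PM capability *and* the MPE group holding it carries PM, while an HFS directory carries no capabilities at all; the classic Unix rule attaches the privilege to the file's setuid-root bit alone, wherever the file sits (the `nosuid` mount option is a real Unix mechanism, mentioned here for contrast, not something from the post). The group, directory and program names are constructed, and the `audit_placements` helper is a hypothetical system-manager check, not an MPE command.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Tuple

@dataclass
class Container:
    """An MPE group (which carries a capability set) or an HFS directory
    (which carries none). Constructed model, not the real MPE data structure."""
    name: str
    kind: str                                # "group" or "hfs"
    caps: FrozenSet[str] = field(default_factory=frozenset)

@dataclass
class Program:
    """A program file with the capabilities compiled into it, plus a
    Unix-style setuid-root flag used only for the contrast case."""
    name: str
    caps: FrozenSet[str]
    setuid_root: bool = False

def mpe_can_run_pm(prog: Program, where: Container) -> bool:
    """MPE rule as described in the post: PM is usable only if the program
    has PM capability and it resides in an MPE group that also has PM."""
    if "PM" not in prog.caps:
        return False
    if where.kind != "group":
        return False              # HFS directories have no associated capabilities
    return "PM" in where.caps

def unix_runs_privileged(prog: Program, mounted_nosuid: bool = False) -> bool:
    """Unix rule: the setuid-root bit alone yields uid 0, regardless of the
    directory, unless the filesystem was mounted nosuid."""
    return prog.setuid_root and not mounted_nosuid

def simulate_restore(prog: Program, home: Container) -> bool:
    """The scenario in the post: a user restores or file-transfers a PM
    program into their own home group or HFS directory and runs it.
    Returns whether it would actually execute in privileged mode."""
    return mpe_can_run_pm(prog, home)

def audit_placements(placements: List[Tuple[Program, Container]]) -> List[str]:
    """Hypothetical manager-side check: list PM-capable program files that
    sit outside a PM-capable MPE group. Under the MPE rule these cannot run
    with PM anyway, but they are still copies of powerful programs that the
    manager may want to find and remove."""
    misplaced = []
    for prog, where in placements:
        if "PM" in prog.caps and not mpe_can_run_pm(prog, where):
            misplaced.append(f"{prog.name} in {where.name}")
    return misplaced

if __name__ == "__main__":
    # Constructed sample layout.
    pub_sys = Container("PUB.SYS", "group", frozenset({"PM", "IA", "BA"}))
    home_grp = Container("USER.DEV", "group", frozenset({"IA", "BA"}))
    home_hfs = Container("/home/user", "hfs")
    tool = Program("PMTOOL", frozenset({"PM", "IA", "BA"}), setuid_root=True)

    print("runs with PM from PUB.SYS:", mpe_can_run_pm(tool, pub_sys))
    print("restored into home group:", simulate_restore(tool, home_grp))
    print("restored into HFS dir:   ", simulate_restore(tool, home_hfs))
    print("Unix setuid-root anywhere:", unix_runs_privileged(tool))
    print("audit:", audit_placements([(tool, pub_sys), (tool, home_grp), (tool, home_hfs)]))
```

The model only encodes what the post states (PM usable from PM-capable MPE groups, never from HFS directories); real MPE/iX enforces further conditions, such as account-level capabilities, that are not represented here.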
