Open Source and information security mailing list archives
 
From: petard at sdf.lonestar.org (petard)
Subject: Soft-Chewy insides

On Mon, Sep 29, 2003 at 09:55:18AM -0500, Schmehl, Paul L wrote:
> Furthermore, Unix and Windows don't even agree on what a group is.  Or
> how the rights for that group should be configured.  (Homogeneous
> environments are fairly easy in comparison but still not without their
> problems.)  If, for example, I have a resource which I want to offer to
> some users at a read only level, to others at a read/write level and to
> a few at a full control level, how do I do that in Unix?  Unix only
> understands u-g-a.  In Windows I can "attach" as many groups to a
> resource as I want, each with its own level of access.  And I have
> multiple types of access, not just read, write and execute.  How do I
> integrate these two disparate implementations?  If I want security to be
> granular, how do I do that when heterogeneous resources force me into a
> "least common denominator" scenario?
> 
For that matter, how do you achieve this with Windows 98 shared resources?
You don't specify what sort of UNIX you refer to, but most modern ones
have the facility you describe available.
> That's what I'm referring to when I say "we, as a security community"
> have only begun to try addressing these issues.  Right now,
> organizations pretty much have to "roll their own" - not a very
> efficient way of solving a universal problem.
>
It's not really a roll your own thing... here is an example of a standard
mechanism for handling your scenario between Windows 2000 and FreeBSD
(since you didn't specify flavors, I will)
http://www.onlamp.com/lpt/a/4053

I suppose that it might be "roll your own" for some platform combinations,
but this will always be true. You'll never be able to prevent people from
choosing such perverse combinations of platforms that they'll need to
do custom work in some cases.

At any rate, it is not a valid complaint to say that you have no means of
locking down resources; you might argue that it still requires too much
research and specialised knowledge, but that's true about many facets
of computing, not just security.

regards,
petard

--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

