| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Aug 2007 10:19:16 -0700 (PDT)
From: Marc Perkel <mperkel@...oo.com>
To: Kyle Moffett <mrmacman_g4@....com>
Cc: Michael Tharp <gxti@...tiallystapled.com>,
alan <alan@...eserver.org>,
LKML Kernel <linux-kernel@...r.kernel.org>,
Lennart Sorensen <lsorense@...lub.uwaterloo.ca>
Subject: Re: Thinking outside the box on file systems
--- Kyle Moffett <mrmacman_g4@....com> wrote:
> On Aug 15, 2007, at 12:02:41, Marc Perkel wrote:
> > Kyle, thinking further outside the box, files
> would no longer have
> > owners or permissions. Nor would
> > directories. People, groups, managers, and other
> objects with have
> > permissions. One might tag a file with the object
> that created it
> > so you could implement "self" rights which might
> be use to replace
> > the concept of /tmp directories.
>
> Well, that's actually kind of close to how SELinux
> works.
>
> This is the real fundamental design gotcha:
> Our current apps *AND* admins speak "UNIX" and
> "POSIX". They
> don't speak "MarcPerkelOS" (or even "SELinux"). As
> long as there is
> not a reasonably-close-to-1-to-1 mapping between
> UNIX semantics and
> your "outside the box" semantics, the latter can't
> really be used.
> It would just involve rewriting too much code *AND*
> retraining too
> many admins from scratch to make it work. Hell,
> even Windows and Mac
> have moved towards a UNIX-like permissions system,
> precisely because
> it's a simple model which is relatively easy to
> teach people how to
> use. ACLs are just a slight modification of that
> model to allow two
> things:
> (A) Additional user/group permissions
> (B) Default permissions for new child
> files/dirs/etc
>
> People are having a huge problem with SELinux
> permissions as is, and
> portions of that are a fairly standard model that's
> been worked over
> in various OSes for many years. I seriously doubt
> that anything that
> far "outside the box" is going to be feasible, at
> least in the near
> term.
>
> Good new filesystem developments are likely to be
> ones which preserve
> the same outer model, yet allow for
> deeper/more-powerful control for
> those users/admins who need it.
>
> Cheers,
> Kyle Moffett
>
>
Kyle, What I'm suggesting is scrapping all existing
concepts and replacing them with something entirely
new. Posix, Unix, SELinux go away except for an
emulation layer for backwards compatibility. What I'm
suggesting is to start over and do it right.
If this new idea is implemented then one could
implement POSIX as one of many permission modules that
one could load. One could also load a WINDOWS
permission model that could be used with SAMBA. This
would be a new more powerful underlying layer that can
be used to emulate anything you want. And it would be
great for people using FUSE who could make file
systems look any way they want.
One of the problems with the Unix/Linux world is that
your minds are locked into this one model. In order to
do it right it requires the mental discipline to break
out of that.
Marc Perkel
Junk Email Filter dot com
http://www.junkemailfilter.com
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists