Open Source and information security mailing list archives
 
Date:	Wed, 15 Aug 2007 12:58:39 -0400
From:	Kyle Moffett <mrmacman_g4@....com>
To:	Marc Perkel <mperkel@...oo.com>
Cc:	Michael Tharp <gxti@...tiallystapled.com>,
	alan <alan@...eserver.org>,
	LKML Kernel <linux-kernel@...r.kernel.org>,
	Lennart Sorensen <lsorense@...lub.uwaterloo.ca>
Subject: Re: Thinking outside the box on file systems

On Aug 15, 2007, at 12:02:41, Marc Perkel wrote:
> Kyle, thinking further outside the box, files would no longer have
> owners or permissions. Nor would directories. People, groups,
> managers, and other objects will have permissions. One might tag a
> file with the object that created it so you could implement "self"
> rights which might be used to replace the concept of /tmp directories.

Well, that's actually kind of close to how SELinux works.

This is the real fundamental design gotcha:
   Our current apps *AND* admins speak "UNIX" and "POSIX".  They  
don't speak "MarcPerkelOS" (or even "SELinux").  As long as there is  
not a reasonably-close-to-1-to-1 mapping between UNIX semantics and  
your "outside the box" semantics, the latter can't really be used.   
It would just involve rewriting too much code *AND* retraining too  
many admins from scratch to make it work.  Hell, even Windows and Mac  
have moved towards a UNIX-like permissions system, precisely because  
it's a simple model which is relatively easy to teach people how to  
use.  ACLs are just a slight modification of that model to allow two  
things:
   (A) Additional user/group permissions
   (B) Default permissions for new child files/dirs/etc

People are having a huge problem with SELinux permissions as is, and  
portions of that are a fairly standard model that's been worked over  
in various OSes for many years.  I seriously doubt that anything that  
far "outside the box" is going to be feasible, at least in the near  
term.

Good new filesystem developments are likely to be ones which preserve  
the same outer model, yet allow for deeper/more-powerful control for  
those users/admins who need it.

Cheers,
Kyle Moffett
