Luke Kenneth Casson Leighton writes:
[...]
> > That's exactly the point: Unix file system model is more flexible than
> > alternatives.
>
> *grin*. sorry - i have to disagree with you (but see below).
>
> i was called in to help a friend of mine at EDS to do a bastion sftp
> server to write some selinux policy files because POSIX file permissions
> could not fulfil the requirements.

First, I was talking about flexibility attained through the separation
of notions of file and index. You just claimed elsewhere that this is
the direction ntfs took (with the introduction of hard-links).

Then, every security model has its weakness and corner cases. Try to
express

    rw-r-xrw- (0656)

POSIX bits with canonical NT ACLs (hint: in NT allow-ACEs are
accumulated).

[...]
>
> POSIX permissions were designed to fit into what... 16 bits,
> so they didn't have a lot to play with.

That's a very good property for a security model: simplicity is a virtue
here.

Nikita.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
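
The 0656 challenge in the message above, worked through as an added example (not part of the original message, and not kernel or Windows code). It uses a simplified model of the NT-style ACE walk; the SID names and the three principals are constructed, and it assumes the file's owner is also a member of the file's group.

```python
from itertools import product

R, W, X = 4, 2, 1
MODE = 0o656  # rw-r-xrw-, the mode from the message
# Constructed principals; assumption: the owner is also in the file's group.
TOKENS = {"owner": {"OWNER", "GROUP", "EVERYONE"},
          "member": {"GROUP", "EVERYONE"},
          "other": {"EVERYONE"}}

def posix_access(mode, who):
    """POSIX selects exactly one class: owner, else group, else other."""
    shift = {"owner": 6, "member": 3, "other": 0}[who]
    return (mode >> shift) & 7

def nt_access(acl, sids):
    """Simplified NT-style walk: each bit is decided by the first matching
    ACE, and bits granted by different allow-ACEs accumulate."""
    granted = denied = 0
    for kind, sid, mask in acl:
        if sid in sids:
            if kind == "deny":
                denied |= mask & ~granted
            else:
                granted |= mask & ~denied
    return granted

def matches_posix(acl, mode=MODE):
    """True if the ACL gives every principal exactly its POSIX rights."""
    return all(nt_access(acl, t) == posix_access(mode, w)
               for w, t in TOKENS.items())

def canonical_solutions(mode=MODE):
    """Try every canonical ACL (all denies before all allows) on the 3 SIDs."""
    sids = ("OWNER", "GROUP", "EVERYONE")
    found = []
    for masks in product(range(8), repeat=6):
        acl = [("deny", s, m) for s, m in zip(sids, masks[:3])]
        acl += [("allow", s, m) for s, m in zip(sids, masks[3:])]
        if matches_posix(acl, mode):
            found.append(acl)
    return found

ALLOW_ONLY = [("allow", "OWNER", R | W), ("allow", "GROUP", R | X),
              ("allow", "EVERYONE", R | W)]
# Non-canonical order: the owner's allow precedes the group's deny.
NON_CANONICAL = [("allow", "OWNER", R | W), ("deny", "OWNER", X),
                 ("deny", "GROUP", W), ("allow", "GROUP", R | X),
                 ("allow", "EVERYONE", R | W)]

if __name__ == "__main__":
    print("allow-only, member gets:", nt_access(ALLOW_ONLY, TOKENS["member"]))
    print("canonical ACLs matching 0656:", len(canonical_solutions()))
    print("non-canonical matches:", matches_posix(NON_CANONICAL))
```

In this model the allow-only ACL hands group members write access through the EVERYONE entry, and the only way to take it back is a deny on GROUP, which in canonical order also strips write from an owner who belongs to that group.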