From owner-freebsd-security Tue Oct 21 19:53:50 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id TAA28874
    for security-outgoing; Tue, 21 Oct 1997 19:53:50 -0700 (PDT)
    (envelope-from owner-freebsd-security)
Received: from gras-varg.worldgate.com (skafte@gras-varg.worldgate.com [198.161.84.12])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA28869
    for ; Tue, 21 Oct 1997 19:53:47 -0700 (PDT)
    (envelope-from skafte@worldgate.com)
Received: (from skafte@localhost)
    by gras-varg.worldgate.com (8.8.7/8.6.12) id UAA10211;
    Tue, 21 Oct 1997 20:53:31 -0600 (MDT)
Message-ID: <19971021205331.53826@worldgate.com>
Date: Tue, 21 Oct 1997 20:53:31 -0600
From: Greg Skafte
To: freebsd-security@FreeBSD.ORG
Subject: Re: C2 Trusted FreeBSD?
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84
In-Reply-To: ; from Aleph One on Tue, Oct 14, 1997 at 12:54:34PM -0500
Organization: WorldGate Inc.
X-PGP-Fingerprint: 42 9C 2C A8 4D 2B C9 C4 7D B6 00 B0 50 47 20 97
X-URL: http://gras-varg.worldgate.com/~skafte
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Quoting Aleph One (aleph1@dfw.net)
On Subject: Re: C2 Trusted FreeBSD?
Date: Tue, Oct 14, 1997 at 12:54:34PM -0500

> On Tue, 14 Oct 1997, Brian Beattie wrote:
>
> > Most of the people involved in INFOSEC are absolutely "head over heels" in
> > love with ACL's, big ACL's. I am not convinced of their utility in the
> > real world, especially with supplementary groups. If I were designing a B1
> > UNIX system I would not change the current access control design.
>
> The problem with ACL's is not its nature but the fact that if you
> implement them under UNIX nothing knows how to handle them. For example
> you would need to modify ls to show them, you need to modify cp to copy
> them, your programs need to be aware of ACL directory inheritance, etc.
> This is not a problem when you are designing a new OS and people will have
> to learn the new API (e.g. Windows NT) but if you are trying to maintain
> compatibility with other unixes or try to port random programs it becomes
> a pain. HP-UX has had ACLs for quite some time now but no one uses them
> just because of this.

Back in a former life when I worked for a company that had an HP, I set up
extended ACLs all the time; it was very handy for controlling access to
things like web directories. (i.e. yes, everyone was part of group http, but
then with the extended ACL I could force things to g=rwx, but still control
who could read or write to a specific tree.)

ACLs take some extra time and effort but in the long term I found them
wonderful...

--
Email: skafte@worldgate.com Voice: +403 413 1910 Fax: +403 421 4929
#575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1
--
--
When things can't get any worse, they simplify themselves by getting a whole
lot worse then complicated. A complete and utter disaster is the simplest
thing in the world; it's preventing one that's complex. (Janet Morris)