From owner-freebsd-security Fri Jan 14 21:52:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from atdot.dotat.org (atdot.dotat.org [150.101.89.3]) by hub.freebsd.org (Postfix) with ESMTP id D0B0A14EB7 for ; Fri, 14 Jan 2000 21:51:56 -0800 (PST) (envelope-from newton@atdot.dotat.org) Received: (from newton@localhost) by atdot.dotat.org (8.9.3/8.9.3) id QAA01061; Sat, 15 Jan 2000 16:13:34 +1030 (CST) (envelope-from newton) Date: Sat, 15 Jan 2000 16:13:34 +1030 From: Mark Newton To: David Pick Cc: Robert Watson , freebsd-security@FreeBSD.ORG Subject: Re: Restructuring authorization checks to facilitate new security models Message-ID: <20000115161334.F767@atdot.dotat.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from D.M.Pick@qmw.ac.uk on Fri, Jan 14, 2000 at 04:35:16PM +0000 X-PGP-Key: http://slash.dotat.org/~newton/pgpkey.txt Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Jan 14, 2000 at 04:35:16PM +0000, David Pick wrote: > The subject/object model looks reasonable, but I suspect that some > operations will turn out to have more than one object operand; for > example a user/process (subject) mounting (operation) a file system > (object) at a particular place in the already mounted filesystem > (second object). It strikes me that that example represents at least three separate sequential authorization checks, not a single authorization check which needs to work on three subjects. Not to say that other stronger examples mightn't exist, but this doesn't appear to be one of them. - mark -------------------------------------------------------------------- I tried an internal modem, newton@atdot.dotat.org but it hurt when I walked. Mark Newton ----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message