Hi Johannes,

I have read your excellent article describing your Google Summer of Code project. I really think the document is well-written and organized. I also like the graphical elements; they really help to describe the problem and limitations that you solved through your hard work. Thanks so much for sending this around. My comments are below (mostly editorial feedback, but some questions also).
If others agree, we can post this on the docs community, or on the muskoka project we could host the document file--it is a nice design specification for how privileges may be expanded in future and indicates how user documentation will be impacted when the changes are committed, and also how this work can be expanded in future phases. Again, great work!! If others on this list are reviewing the document, please chime in with your progress so Johannes will know when to expect more feedback.

Here's mine:

mo-1 In the abstract, third sentence, change 'This article tries to provide' to 'This article provides'

mo-2 In the abstract, second to last sentence, change 'Later on, examples how' to 'Later on, examples of how'

mo-3 Section 1, Introduction, third paragraph, first sentence: 'The concrete task in my project was to introduce new basic privileges in order to be able to better control process'es access to resources'. This sentence is a bit awkward, and because it is so important to the document, I think it would benefit the reader to reword it for clarity. I suggest something like: My project introduced new 'basic' privileges that enable better control over how processes access resources. The word 'how' in the above sentence might be better replaced by 'what, when or where', but it is easier to read without the possessive form of the word processes. If you do use the plural possessive, I believe processes' is the correct form. You might consider changing process'es to processes' throughout the document. Also, the term OpenSolaris is a trademarked term, so it should always appear as one word and the first instance of the term should be followed by a TM symbol.

mo-4, Section 1, Introduction, fourth paragraph, I suggest re-structuring the second sentence as follows, for readability: 'This behavior is wished for processes that require access to global libraries and configuration files, but require none of the following:
  1. reliance on their associated user ID
  2. reliance on their associated group membership
  3. working with files that have limited access (cannot be accessed by everybody)'

mo-5 Section 1, Introduction, last paragraph, change 'This article intends to' to 'This article intends to do the following:' Then, use a capital letter at the beginning of each bullet item.

mo-6, Section 2, third sentence, remove the word 'So' at the beginning of the sentence.

mo-7 Section 2, fourth sentence, change 'needs' to 'need'.

mo-8 Section 2, second paragraph, change 'This changes in the moment,' to 'This becomes a problem in the moment'.

mo-8.5 Section 2, second paragraph, change 'unexperienced' to 'inexperienced' and end that same sentence after the words 'vulnerable process'. Then, begin a new sentence as follows: 'The availability of the vulnerable process is then made to do everything the intruder wants it to do.' Splitting up this long sentence into two makes it easier to understand.

mo-9 Section 2, fourth paragraph, 'are still hard coded'. I believe it is less secure to have the actions you refer to here as hard-coded, but it isn't clear from this sentence. Could you remove the dash and change 'they are possible in any case' to say 'Actions may be exploited in any case' to make this more clear?

mo-10 Section 2, after Figure 1, change 'that columns' to 'that column'

mo-11 Section 3, first paragraph, change 'Diagram 1' to 'Figure 1'. You might consider changing this throughout the document because it is confusing for the reader to have references in the text that don't match the figure title.

mo-12 Section 3, second paragraph, change 'diagram 3' to 'Figure 2'

mo-13, footnote 7, change 'require applying' to 'requires applying'

mo-14, I really appreciate the diagrams you created; they are excellent and really help to understand the concepts you describe.

mo-15, Section 5, second paragraph, change 'chose' to 'choose'. Chose is past-tense, so I think you want choose instead.

mo-16, Section 5, diagrams 10, 11, and 12. I suggest moving these diagrams closer to the text that describes them, rather than stacking them together. I had some difficulty finding the right diagram to refer to while I was reading the text in this section.

mo-17, Section 5, second to last paragraph, I really appreciate that you describe the changes to file system drivers, documentation and man pages implied by your proposed changes. This brings a holistic view to the project, great job!

mo-18 Section 6, numbered list, use initial capitalization for these sentences.

mo-19, Section 6, second paragraph after Figure 15, change 'The other left problems' to 'The other leftover problems'

mo-20 Appendix A, second paragraph, change 'authentification' to 'authentication'

mo-21, Appendix A, footnote 17, change 'likely that you fully understand' to 'likely that you could fully understand'

mo-22, Appendix A, paragraph two, change 'To protect against this kind of attacks' to 'To protect against these kinds of attacks'.

mo-23, Appendix B, the first sentence states 'nine privileges', but in your policy.c snippet, I see only 8 items.

mo-24, Appendix B, first paragraph after policy.c, change 'self explaining' to 'self explanatory'

mo-25, Appendix C, first sentence, change text to the following: If you 'would' like to change a file system driver in order to support the new privileges explained in Section 5, two options exist, depending on whether your driver is already conformant to Solaris 10 privileges or not.

That's it, great job again, excellent document! I'm glad the documentation community was useful in your project. If there are links to other resources we should add to our pool, please do let us know.

Regards,
Michelle

This message posted from opensolaris.org
