With the help of a person who knows latex better than me, I have even managed to control the placements of the figures now. Take a look at http://myhpi.de/~nicolai/GSoC.pdf for the revised article.
I have now placed a trademark after the first occurence of OpenSolaris and added two footnotes for the the trademark holders of OpenSolaris and Linux. Thanks again for your review. Regards Johannes -----Urspr?ngliche Nachricht----- Von: docs-discuss-bounces at opensolaris.org im Auftrag von Michelle Olson Gesendet: Do 24.08.2006 19:34 An: docs-discuss at opensolaris.org Betreff: [docs-discuss] Re: AW: [security-discuss] [cross-post]Re: Articleabout Hi, You wrote: > Thank you very much for your detailed review. > > I will cooperate the changes as quick as possible. No worries, they are all fairly minor changes. > > To mo-23: There are nine privileges: Perhaps you > missed PRIV_FILE_NANON_OWNER because it is explained > after the first eight ones. Yes, I probably missed it, just wanted to be sure. > > To mo-16: I will try to convince latex to do so. > Unfortunately, latex decides where figures are placed > ... I see, I wondered if you were able to control the placement. > > To mo-3: I doubt whether it improves the readability > if I add a TM after every OpenSolaris occurence in > the text. I agree completely, only mark the first occurance of the term, that is what I had intended with my comment. Perhaps I should annotate the first > occurence of this term with a footnote stating that > it is a registered trademark of Sun Microsystems? I don't think a footnote is needed, just a TM after the first occurance. Thanks, Michelle > > Regards > > Johannes > > > -----Urspr?ngliche Nachricht----- > Von: security-discuss-bounces at opensolaris.org im > Auftrag von Michelle Olson > Gesendet: Do 24.08.2006 01:27 > An: security-discuss at opensolaris.org > Betreff: [security-discuss] [cross-post]Re: Article > about Solaris privilegesand general and > > i Johannes, > > I'm cross-posting these comments, somehow your thread > post was lost by mailman on the docs-discuss list, so > I post my feedback here as well: > > I have read your excellent article describing your > google summer of code project. I really think the > document is well-written and organized. I also like > the graphical elements, they really help to describe > the problem and limitations that you solved through > your hard work. Thanks so much for sending this > around, my comments are below (mostly editorial > feedback, but some questions also). > > If others agree, we can post this on the docs > community, or on the muskoka project we could host > the document file--it is a nice design specification > for how privileges may be expanded in future and > indicates how user documentation will be impacted > when the changes are committed, and also how this > work can be expanded in future phases. Again, great > work!! > > If others on this list are reviewing the document, > please chime in with your progress so Johannes will > know when to expect more feedback. Here's mine: > > mo-1 In the abstract, third sentence, change 'This > article tries to provide' to 'This article provides' > > mo-2 In the abstract, second to last sentence, > change, 'Later on, examples how' to 'Later on, > examples of how' > > mo-3 Section 1, Introduction, Third paragraph, first > sentence 'The concrete task in my project was to > introduce new basic privileges in order to be able to > better control process'es access to resources'. This > sentence is a bit awkward, and because it is so > important to the document, I think it would benefit > the reader to reword it for clarity. I suggest > something like: My project introduced new 'basic' > privileges that enable better control over how > processes access resources. The word 'how' in the > above sentence might be better replaced by 'what, > when or where', but it is easier to read without the > possesive form of the word processes. If you do use > the plural possessive, I believe processes' is the > correct form. You might consider changing process'es > to processes' throughout the document. Also, the > term OpenSolaris is a trademarked term, so it should > always appear as one word and the first instance of > the term should be followed by a TM symbol. > > mo-4, Section 1, Introduction, Fourth paragraph, I > suggest re-structuring the second sentence as follows > , for readability: 'This behavior is wished for > processes that require access to global libraries and > configuration files, but require none of the > following: > 1. reliance on their associated user ID > 2. reliance on their associated group membership > 3. working with files that have limited access > (cannot be accessed by everybody) > > mo-5 Section 1, Introduction, last paragrpaph, change > 'This article intends to' to 'This article intends to > do the following:' Then, use a capital letter at the > beginning of each bullet item. > > mo-6, Section 2, Third sentence, remove the word 'So' > at the beginning of the sentence. > > mo-7 Section 2, Fourth sentence, change 'needs' to > 'need'. > > mo-8 Section 2, second paragraph, change 'This > changes in the moment,' to 'This becomes a problem in > the moment'. > > mo-8.5 Section 2, second paragraph, change > 'unexperienced' to 'inexperienced' and end that same > sentence after the words 'vulnerable process'. Then, > begin a new sentence as follows: 'The availability > of the vulnerable process is then made to do > everything the intruder wants it to do.' Splitting > up this long sentence into two makes it easier to > understand. > mo-9 Section 2, fourth paragraph, 'are still hard > coded'. I believe it is less secure to have the > actions you refer to here as hard-coded, but it isn't > clear from this sentence. Could you remove the dash > and change 'they are possible in any case' to say > 'Actions may be expoited in any case' to make this > more clear? > > mo-10 Section 2, after Figure 1, change 'that > columns' to 'that column' > > mo-11 Section3, first paragraph, change 'Diagram 1' > to 'Figure 1'. You might consider changing this > throughout the document because it is confusing for > the reader to have references in the text that don't > match the figure title. > > mo-12 Section 3, Second paragraph, change 'diagram 3' > to 'Figure 2' > > mo-13, footnote 7, change 'require applying' to > 'requires applying' > > mo-14, I really appreciate the diagrams you created, > they are excellent and really help to understand the > concepts you describe. > > mo-15, Section5, second paragraph, change 'chose' to > 'choose'. Chose is past-tense, so I think you want > choose instead. > > mo-16, Section5, diagrams 10, 11, and 12. I suggest > moving these diagrams closer to the text that > describes them, rather than stack them together. I > had some difficulty finding the right diagram to > refer to while I was reading the text int his > section. > > mo-17, Section 5, second to last paragraph, I really > appreciate that you describe the changes to file > system drivers, documentation and man pages implied > by your proposed changes, this brings a holistic view > to the project, great job! > > mo-18 Section 6, numbered list, use initial > capitalization for these sentences. > > mo-19, Section 6, second paragraph after Figure 15, > change 'The other left problems' to 'The other > leftover problems' > mo-20 Appendix A, second paragraph, change > 'authentification' to 'authentication' > > mo-21, Appendix A, footnote 17, change 'likely that > you fully understand' to 'likely that you could fully > understand' > > mo-22, Appendix A, paragraph two, change 'To protect > against this kind of attacks' to 'To protect against > these kinds of attacks'. > > mo-23, Appendix B, the first sentence states 'nine > privileges', but in your policy.c snippet, I see only > 8 items. > > mo-24, Appendix B, first paragraph after policy.c, > change 'self explaining' to 'self explanatory' > > mo-25, Appendix C, first sentence, change text to the > following: If you 'would' like to change a file > system driver in order to support the new privileges > explained in Section 5, two options exist, depending > on whether your driver is already conformant to > Solaris 10 privileges or not. > > That's it, great job again, excellent document! I'm > glad the documentation community was useful in your > project, if there are links to other resources we > should add to our pool, please do let us know. > > Regards, > Michelle > > > This message posted from opensolaris.org > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org > > _______________________________________________ > docs-discuss mailing list > docs-discuss at opensolaris.org > This message posted from opensolaris.org _______________________________________________ docs-discuss mailing list docs-discuss at opensolaris.org
