Hi Johannes, This new PDF looks great, three more comments:
mo-26 I would remove the word 'registered' from the footnote about the OpenSolaris trademark, OpenSolaris is a trademark, but not a registered trademark, which has a different use and connotation. mo-27 In the new list on page 3, there is a typo in item 3, change 'rorking' to 'working'. mo-28 I did find one other instance of 'authentification' on page 23, I think. All else looks good, great job turning these changes around, I'm really glad you found assistance with latex and graphic placements, it improves the flow of the document and makes better use of the fine diagrams. Thanks, Michelle >Date: Thu, 24 Aug 2006 20:04:56 +0200 >From: Nicolai Johannes <Johannes.Nicolai at student.hpi.uni-potsdam.de> >Subject: RE: [docs-discuss] Re: AW: [security-discuss] [cross-post]Re: Articleabout >To: Michelle Olson <michelle.olson at sun.com>, docs-discuss at opensolaris.org >Cc: security-discuss at opensolaris.org >MIME-version: 1.0 >X-MIMEOLE: Produced By Microsoft Exchange V6.5.7226.0 >Content-class: urn:content-classes:message >Thread-topic: [docs-discuss] Re: AW: [security-discuss] [cross-post]Re: Articleabout >Thread-index: AcbHo9ennwgnOR+lR8uMwfVYZ7HCIQAA/b9o >X-PMX-Version: 5.2.0.264296 >X-MS-Has-Attach: >X-MS-TNEF-Correlator: >X-OriginalArrivalTime: 24 Aug 2006 18:08:30.0666 (UTC) FILETIME=[4E2D42A0:01C6C7A8] >Content-Transfer-Encoding: 8bit >X-MIME-Autoconverted: from quoted-printable to 8bit by jurassic.eng.sun.com id k7OI8lJj565478 > >With the help of a person who knows latex better than me, I have even managed to control the placements of the figures now. >Take a look at http://myhpi.de/~nicolai/GSoC.pdf for the revised article. > >I have now placed a trademark after the first occurence of OpenSolaris and added two footnotes for the the trademark holders of OpenSolaris and Linux. > >Thanks again for your review. > >Regards > >Johannes > > >-----Urspr?ngliche Nachricht----- >Von: docs-discuss-bounces at opensolaris.org im Auftrag von Michelle Olson >Gesendet: Do 24.08.2006 19:34 >An: docs-discuss at opensolaris.org >Betreff: [docs-discuss] Re: AW: [security-discuss] [cross-post]Re: Articleabout > >Hi, > >You wrote: > >> Thank you very much for your detailed review. >> >> I will cooperate the changes as quick as possible. >No worries, they are all fairly minor changes. >> >> To mo-23: There are nine privileges: Perhaps you >> missed PRIV_FILE_NANON_OWNER because it is explained >> after the first eight ones. > >Yes, I probably missed it, just wanted to be sure. >> >> To mo-16: I will try to convince latex to do so. >> Unfortunately, latex decides where figures are placed >> ... >I see, I wondered if you were able to control the placement. >> >> To mo-3: I doubt whether it improves the readability >> if I add a TM after every OpenSolaris occurence in >> the text. >I agree completely, only mark the first occurance of the term, that is what I had intended with my comment. > >Perhaps I should annotate the first >> occurence of this term with a footnote stating that >> it is a registered trademark of Sun Microsystems? > >I don't think a footnote is needed, just a TM after the first occurance. > >Thanks, >Michelle >> >> Regards >> >> Johannes >> >> >> -----Urspr?ngliche Nachricht----- >> Von: security-discuss-bounces at opensolaris.org im >> Auftrag von Michelle Olson >> Gesendet: Do 24.08.2006 01:27 >> An: security-discuss at opensolaris.org >> Betreff: [security-discuss] [cross-post]Re: Article >> about Solaris privilegesand general and >> >> i Johannes, >> >> I'm cross-posting these comments, somehow your thread >> post was lost by mailman on the docs-discuss list, so >> I post my feedback here as well: >> >> I have read your excellent article describing your >> google summer of code project. I really think the >> document is well-written and organized. I also like >> the graphical elements, they really help to describe >> the problem and limitations that you solved through >> your hard work. Thanks so much for sending this >> around, my comments are below (mostly editorial >> feedback, but some questions also). >> >> If others agree, we can post this on the docs >> community, or on the muskoka project we could host >> the document file--it is a nice design specification >> for how privileges may be expanded in future and >> indicates how user documentation will be impacted >> when the changes are committed, and also how this >> work can be expanded in future phases. Again, great >> work!! >> >> If others on this list are reviewing the document, >> please chime in with your progress so Johannes will >> know when to expect more feedback. Here's mine: >> >> mo-1 In the abstract, third sentence, change 'This >> article tries to provide' to 'This article provides' >> >> mo-2 In the abstract, second to last sentence, >> change, 'Later on, examples how' to 'Later on, >> examples of how' >> >> mo-3 Section 1, Introduction, Third paragraph, first >> sentence 'The concrete task in my project was to >> introduce new basic privileges in order to be able to >> better control process'es access to resources'. This >> sentence is a bit awkward, and because it is so >> important to the document, I think it would benefit >> the reader to reword it for clarity. I suggest >> something like: My project introduced new 'basic' >> privileges that enable better control over how >> processes access resources. The word 'how' in the >> above sentence might be better replaced by 'what, >> when or where', but it is easier to read without the >> possesive form of the word processes. If you do use >> the plural possessive, I believe processes' is the >> correct form. You might consider changing process'es >> to processes' throughout the document. Also, the >> term OpenSolaris is a trademarked term, so it should >> always appear as one word and the first instance of >> the term should be followed by a TM symbol. >> >> mo-4, Section 1, Introduction, Fourth paragraph, I >> suggest re-structuring the second sentence as follows >> , for readability: 'This behavior is wished for >> processes that require access to global libraries and >> configuration files, but require none of the >> following: >> 1. reliance on their associated user ID >> 2. reliance on their associated group membership >> 3. working with files that have limited access >> (cannot be accessed by everybody) >> >> mo-5 Section 1, Introduction, last paragrpaph, change >> 'This article intends to' to 'This article intends to >> do the following:' Then, use a capital letter at the >> beginning of each bullet item. >> >> mo-6, Section 2, Third sentence, remove the word 'So' >> at the beginning of the sentence. >> >> mo-7 Section 2, Fourth sentence, change 'needs' to >> 'need'. >> >> mo-8 Section 2, second paragraph, change 'This >> changes in the moment,' to 'This becomes a problem in >> the moment'. >> >> mo-8.5 Section 2, second paragraph, change >> 'unexperienced' to 'inexperienced' and end that same >> sentence after the words 'vulnerable process'. Then, >> begin a new sentence as follows: 'The availability >> of the vulnerable process is then made to do >> everything the intruder wants it to do.' Splitting >> up this long sentence into two makes it easier to >> understand. >> mo-9 Section 2, fourth paragraph, 'are still hard >> coded'. I believe it is less secure to have the >> actions you refer to here as hard-coded, but it isn't >> clear from this sentence. Could you remove the dash >> and change 'they are possible in any case' to say >> 'Actions may be expoited in any case' to make this >> more clear? >> >> mo-10 Section 2, after Figure 1, change 'that >> columns' to 'that column' >> >> mo-11 Section3, first paragraph, change 'Diagram 1' >> to 'Figure 1'. You might consider changing this >> throughout the document because it is confusing for >> the reader to have references in the text that don't >> match the figure title. >> >> mo-12 Section 3, Second paragraph, change 'diagram 3' >> to 'Figure 2' >> >> mo-13, footnote 7, change 'require applying' to >> 'requires applying' >> >> mo-14, I really appreciate the diagrams you created, >> they are excellent and really help to understand the >> concepts you describe. >> >> mo-15, Section5, second paragraph, change 'chose' to >> 'choose'. Chose is past-tense, so I think you want >> choose instead. >> >> mo-16, Section5, diagrams 10, 11, and 12. I suggest >> moving these diagrams closer to the text that >> describes them, rather than stack them together. I >> had some difficulty finding the right diagram to >> refer to while I was reading the text int his >> section. >> >> mo-17, Section 5, second to last paragraph, I really >> appreciate that you describe the changes to file >> system drivers, documentation and man pages implied >> by your proposed changes, this brings a holistic view >> to the project, great job! >> >> mo-18 Section 6, numbered list, use initial >> capitalization for these sentences. >> >> mo-19, Section 6, second paragraph after Figure 15, >> change 'The other left problems' to 'The other >> leftover problems' >> mo-20 Appendix A, second paragraph, change >> 'authentification' to 'authentication' >> >> mo-21, Appendix A, footnote 17, change 'likely that >> you fully understand' to 'likely that you could fully >> understand' >> >> mo-22, Appendix A, paragraph two, change 'To protect >> against this kind of attacks' to 'To protect against >> these kinds of attacks'. >> >> mo-23, Appendix B, the first sentence states 'nine >> privileges', but in your policy.c snippet, I see only >> 8 items. >> >> mo-24, Appendix B, first paragraph after policy.c, >> change 'self explaining' to 'self explanatory' >> >> mo-25, Appendix C, first sentence, change text to the >> following: If you 'would' like to change a file >> system driver in order to support the new privileges >> explained in Section 5, two options exist, depending >> on whether your driver is already conformant to >> Solaris 10 privileges or not. >> >> That's it, great job again, excellent document! I'm >> glad the documentation community was useful in your >> project, if there are links to other resources we >> should add to our pool, please do let us know. >> >> Regards, >> Michelle >> >> >> This message posted from opensolaris.org >> _______________________________________________ >> security-discuss mailing list >> security-discuss at opensolaris.org >> >> _______________________________________________ >> docs-discuss mailing list >> docs-discuss at opensolaris.org >> > > >This message posted from opensolaris.org >_______________________________________________ >docs-discuss mailing list >docs-discuss at opensolaris.org > >
