Message-
From: Nicolas Williams [mailto:[EMAIL PROTECTED]
Sent: Thu 22.06.2006 04:36
To: Nicolai Johannes
Cc: [EMAIL PROTECTED]; zfs-discuss@opensolaris.org
Subject: Re: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks
On Thu, Jun 22, 2006
To: Nicolas Williams
Cc: Nicolai Johannes; [EMAIL PROTECTED]; zfs-discuss@opensolaris.org; Mark Shellenbaum
Subject: Re: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks
On Thu, Jun 22, 2006 at 01:01:38AM +0200, [EMAIL PROTECTED] wrote:
I'm not sure
Concerning the reopen problem of files created in world writable directories:
One may use the following algorithm:
First compute the permissions of the newly created file.
For every permission granted to the user or group, check whether the corresponding identity-privilege is set. If not,
Yes, world readable/writable files can still be accessed by dropping the new privileges. One reason is library calls that need to read some public files (like things in /etc). The need to manipulate or remove world writable files is harder to justify; on the other hand, world writable
On Thursday 22 June 2006 16:55, you wrote:
On Thu, 2006-06-22 at 10:55, [EMAIL PROTECTED] wrote:
To me, a PRIV_OBJECT_MODIFY which is required for any file modifying
operation would seem to be more useful as often a read-only user is
a worthwhile thing to have; perhaps mirrored with a PRIV_OBJECT_ACCESS
in case you want to prevent any
for new basic privileges related
with filesystem access checks
Thinking about PID re-use, yes, but I'm not trying to design the
specific details -- I think a set of items to cache that provides strong
security guarantees can be found. The interface would remain
unpredictable in other ways