AW: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

2006-06-22 Thread Nicolai Johannes
Message- From: Nicolas Williams [mailto:[EMAIL PROTECTED] Sent: Thu 22.06.2006 04:36 To: Nicolai Johannes Cc: [EMAIL PROTECTED]; zfs-discuss@opensolaris.org Subject: Re: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks On Thu, Jun 22, 2006

AW: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

2006-06-22 Thread Nicolai Johannes
To: Nicolas Williams Cc: Nicolai Johannes; [EMAIL PROTECTED]; zfs-discuss@opensolaris.org; Mark Shellenbaum Subject: Re: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks On Thu, Jun 22, 2006 at 01:01:38AM +0200, [EMAIL PROTECTED] wrote: I'm not sure

Re: AW: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

2006-06-22 Thread Casper . Dik
Concerning the reopen problem of files created in world writable directories: One may use the following algorithm: First compute the permissions of the newly created file. For every permission granted to the user or group, check whether the corresponding identity-privilege is set. If not,

Re: AW: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

2006-06-22 Thread Casper . Dik
Yes, world readable/writable files can still be accessed by dropping the new privileges. One reason are library calls that need to read some public files (like things in /etc). The need to manipulate or remove world writable files is harder to justify, on the other hand, world writable

Re: AW: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

2006-06-22 Thread Johannes Nicolai
On Thursday 22 June 2006 16:55, you wrote: Yes, world readable/writable files can still be accessed by dropping the new privileges. One reason are library calls that need to read some public files (like things in /etc). The need to manipulate or remove world writable files is harder to

Re: [Security-discuss] Re: AW: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

2006-06-22 Thread Bill Sommerfeld
On Thu, 2006-06-22 at 10:55, [EMAIL PROTECTED] wrote: To me, a PRIV_OBJECT_MODIFY which is required for any file modifying operation would seem to be more useful as often a read-only user is a worthwhile thing to have; perhaps mirrored with a PRIV_OBJECT_ACCESS in case you want to prevent any

Re: [Security-discuss] Re: AW: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

2006-06-22 Thread Casper . Dik
On Thu, 2006-06-22 at 10:55, [EMAIL PROTECTED] wrote: To me, a PRIV_OBJECT_MODIFY which is required for any file modifying operation would seem to be more useful as often a read-only user is a worthwhile thing to have; perhaps mirrored with a PRIV_OBJECT_ACCESS in case you want to prevent any

AW: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

2006-06-22 Thread Nicolai Johannes
for new basic privileges related with filesystem access checks Thinking about PID re-use, yes, but I'm not trying to design the specific details -- I think a set of items to cache that provides strong security guarantees can be found. The interface would remain unpredictable in other ways