
Re: Ideas from the I&A Forum

> Another recurring theme was "enforcement of least privilege" -- meaning that
> an authorization needs to be as specific as possible, as contrasted with the
> UNIX superuser sledgehammer.  This suggests to me that there will be a huge
> number of <auth>s defined, should the world take this maxim seriously, and
> the AUTH: construct would see a great deal of use.

I believe "least privilege" is very important to many people.  Obviously
military/intel folks, but even at places like banks where the Branch Manager
wants to only act as a teller, even if s/he has a gun held to his head.

> Rich Salz gave a presentation on DCE -- a nice overview -- and listed DCE's
> file permission flags.  The hypothetical PKFS: permissions were lacking "X:
> execute".  DCE's "C: control (change ACL)" is covered by the ability to
> delegate an <auth>.  I still don't know what the DCE "T: test" permission is
> good for, so I can't suggest we add it.  Rich?

The "T (test)" permission is useful when --
    -   You only want to grant someone "read ACL" rights, and not "read object"
        rights.  As in "ls -l" vs. "cat"
    -   You want to allow a comparison without disclosing the full state,
        such as "Can Rich read this file" or "Is Rich in the 'foo' group?"
        As in "grep ... >/dev/null ; echo $status" vs. "cat"

Hope this helps.  Nice seeing you again, Carl.
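As an added illustration of the "read ACL / test" versus "read object" split discussed in the reply above (this is example code, not from the thread or from DCE itself): a toy ACL checker where the `t` right answers yes/no questions and lists the ACL, while only `r` returns the object's content. The principals, group `foo` and the file content are constructed.

```python
# Example only: a toy ACL using the DCE-style letters named in the thread
# (r read object, w write, x execute, c control, t test).  Principals,
# groups and content below are constructed, not real data.

class AclError(PermissionError):
    """Raised when a principal lacks the right an operation requires."""


class Acl:
    """Maps principals ("carl") or group keys ("group:foo") to rights."""

    def __init__(self, entries, groups):
        self.entries = entries   # {"carl": {"r", "w"}, "group:foo": {"t"}}
        self.groups = groups     # {"foo": {"rich", "alice"}}

    def is_member(self, who, group):
        return who in self.groups.get(group, set())

    def rights(self, who):
        # Direct entry plus rights inherited through group membership.
        perms = set(self.entries.get(who, set()))
        for g in self.groups:
            if self.is_member(who, g):
                perms |= self.entries.get("group:" + g, set())
        return perms

    def has(self, who, perm):
        return perm in self.rights(who)


class ProtectedFile:
    def __init__(self, content, acl):
        self._content = content
        self.acl = acl

    def read(self, who):
        """The "cat" case: requires r and discloses the content."""
        if not self.acl.has(who, "r"):
            raise AclError(f"{who} lacks r")
        return self._content

    def list_acl(self, who):
        """The "ls -l" case: t (or r) shows the ACL, never the content."""
        if not (self.acl.has(who, "t") or self.acl.has(who, "r")):
            raise AclError(f"{who} lacks t")
        return {p: sorted(v) for p, v in self.acl.entries.items()}

    def test(self, who, subject, perm):
        """The "grep >/dev/null" case: t yields one bit about subject."""
        if not self.acl.has(who, "t"):
            raise AclError(f"{who} lacks t")
        return self.acl.has(subject, perm)
```

Each `test` call still reveals one bit about the ACL, so a deployment would log and rate-limit `t` queries like any other authorization decision.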