Re: Ideas from the I&A Forum
> Another recurring theme was "enforcement of least privilege" -- meaning that
> an authorization needs to be as specific as possible, as contrasted with the
> UNIX superuser sledgehammer. This suggests to me that there will be a huge
> number of <auth>s defined, should the world take this maxim seriously, and
> the AUTH: construct would see a great deal of use.
I believe "least privilege" is very important to many people. Obviously
military/intel folks, but even at places like banks where the Branch Manager
wants to only act as a teller, even if s/he has a gun held to his head.
> Rich Salz gave a presentation on DCE -- a nice overview -- and listed DCE's
> file permission flags. The hypothetical PKFS: permissions were lacking "X:
> execute". DCE's "C: control (change ACL)" is covered by the ability to
> delegate an <auth>. I still don't know what the DCE "T: test" permission is
> good for, so I can't suggest we add it. Rich?
The "T (test)" permission is useful when --
- You only want to grant someone "read ACL" rights, and not "read object"
  rights. As in "ls -l" vs. "cat"
- You want to allow a comparison without disclosing the full state,
  such as "Can Rich read this file" or "Is Rich in the 'foo' group?"
  As in "grep ... >/dev/null ; echo $status" vs. "cat"
Hope this helps. Nice seeing you again Carl.
/r$