Subject: Re: ACLs (was: [ [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.] )
To: Jan Schaumann <>
From: Steven M. Bellovin <>
List: tech-security
Date: 04/26/2002 09:42:07
In message <>, Jan Schaumann writes:
>Thor Lancelot Simon <> wrote:
>> If you want to let a user run one
>> particular binary as root, copy it and use group permissions (or ACLs
>> if your chosen Unix allows that; sadly NetBSD does not).
>What is the general notion on ACLs around here?  I'm still looking for a
>suitable CS Thesis topic/implementation-task, and had pondered the idea
>of ACLs.  Is that too complex a task to cover in, say, 4 months
>part-time work, or would it not be wanted to begin with?

I understand this is a Master's thesis, not a doctoral dissertation, 
but wearing my adjunct professor's hat my reaction would be "what's the 
point?"  It's been done so many times before, and has never really 

The big problem that needs solving isn't fine-grained access control to 
files.  Rather, that's a mechanism that is often proposed to solve the 
problem of fine-grained privileges.  After all, if all the world's a 
file, you can grant any privilege by controlling access to those files. 

But all the world isn't a file.  Some concepts don't fit nicely
into that model.  Consider the problem of mounting devices.  I may
want to let users do arbitrary mounts of floppies, CD-ROMs, or even
NFS resources.  But what about setuid and device entries on those
file systems?