[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: How Unix manages processes in userland
On Fri, 6 Dec 2013 04:55:14 -0500 (EST)
Matthew Orgass <darkstar%city-net.com@localhost> wrote:
> the basic Unix/BSD security model, while useful for servers, does
> not cover how users actually interact with a personal computer.
For that to be true, you'd have to explain how a personal computer is
not like a server, and why that matters to the security model. ISTM
the Unix security model was invented precisely to control user
interaction with the system.
> Fixing that involves defining and limiting what any individual
> application and application instances can do (in a way relevent to
> the user, such as this app can only modify files in this particular
So you want to associate permissions with programs instead of users.
Which is what setuid(2) gives you without creating a new vector of
things that can have permissions granted to them. That it's not used
very much suggests to me the "application may do" model is of limited
Main Index |
Thread Index |