tech-userlevel archive


Re: How Unix manages processes in userland



On Fri, 6 Dec 2013 04:55:14 -0500 (EST)
Matthew Orgass <darkstar%city-net.com@localhost> wrote:

> the basic Unix/BSD security model, while useful for servers, does 
> not cover how users actually interact with a personal computer.

For that to be true, you'd have to explain how a personal computer is
not like a server, and why that matters to the security model.  ISTM
the Unix security model was invented precisely to control user
interaction with the system.  

> Fixing that involves defining and limiting what any individual
> application and application instances can do (in a way relevant to
> the user, such as this app can only modify files in this particular
> directory

So you want to associate permissions with programs instead of users.
Which is what setuid(2) gives you without creating a new vector of
things that can have permissions granted to them.  That it's not used
very much suggests to me the "application may do" model is of limited
use.  

--jkl
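
The per-program permission model discussed in this reply, as an added example that is not code from the thread: a binary installed set-uid to a dedicated non-root account that owns the program's data file, so only this program can modify that file. The account, the path /var/lib/exampleapp/state and the function names are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed layout: the binary is installed set-uid (mode 4755) to a dedicated
 * non-root account, and that account owns this file with mode 0600. */
#define APP_DATA "/var/lib/exampleapp/state"   /* hypothetical path */

/* Open the program's private file with the effective uid. O_NOFOLLOW makes
 * the open fail (ELOOP) if the final path component is a symlink. */
int open_app_data(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Permanently return to the invoking user's identity.
 * Returns 0 on success, -1 if the drop failed or could be reversed. */
int drop_to_invoker(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    if (ruid == euid)
        return 0;                 /* not running set-uid: nothing to drop */
    if (setreuid(ruid, ruid) != 0)
        return -1;                /* on success the saved set-user-ID is reset too */
    /* Root can always switch uids, so the reversal check only applies to others. */
    if (ruid != 0 && seteuid(euid) == 0)
        return -1;                /* privilege came back: drop was not permanent */
    return (getuid() == ruid && geteuid() == ruid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    int fd = open_app_data(APP_DATA);      /* the only step done as the program's uid */
    if (drop_to_invoker() != 0)
        return 2;                          /* never continue with the wrong identity */
    if (fd < 0) {
        perror(APP_DATA);
        return 1;
    }
    /* From here on the process is the invoking user; only fd carries the grant. */
    const char *note = argc > 1 ? argv[1] : "run";
    if (write(fd, note, strlen(note)) < 0 || write(fd, "\n", 1) < 0)
        return 1;
    return close(fd) == 0 ? 0 : 1;
}
```

Run without the set-uid bit, the program has only the invoking user's access, so the open of the 0600 file owned by the dedicated account fails for everyone except that account.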

