Access Control (was: Re: Real-time alarms) (fwd)

James Buster bitbug at seal.engr.sgi.com
Fri Oct 1 00:44:04 GMT 1999


On Sep 30,  7:38pm, Robert Watson wrote:
} POSIX.1e describes a set of capabilities + interface, which the Linux
} people have already implemented (with extensions to make it useful).

Other than a set of administrative capabilities, what extensions have
they added? We had to do the same for Irix, but the basic set of
capabilities was otherwise quite sufficient.

} I am not convinced that the approach selected in POSIX.1e is the correct
} approach--the lack of extensibility for capabilities looks pretty
} limiting.

Once you've dealt with least-privilege for a while you begin to realize
that having a small, limited set of capabilities is the only way to go.

} It connects to /var/run/token (a unix domain socket) and transfers the
} token to the socket, along with a request for authentication to the
} username account.

So tokend does password lookup/decryption/management? How does
authentication information change under this scheme?

} Tokend, based on a policy file, would allow the exchanges of specific
} types of tokens for other tokens--for example, a valid username/password
} token for a set of UNIX uid and gid tokens representing a traditional user
} credential set.

What does a process *do* with these tokens? Pass them into the kernel?
How does the kernel validate a token given it by a process? Are tokens
inheritable by children?

-- 
Planet Bog -- pools of toxic chemicals bubble under a choking
atmosphere of poisonous gases... but aside from that, it's not
much like Earth.