Re: setuid for priv sockets?


  • Subject: Re: setuid for priv sockets?
  • From: Stephen Hoffman <email@hidden>
  • Date: Fri, 31 Oct 2008 22:43:02 -0400
  • Organization: HoffmanLabs LLC

Terry Lambert writes:

> As far as installation time grants, historically computer scientists have called those "installed images". VMS had this ability, for example. I'm not, in principle, against those, as long as there is some other user controllable way to get the same rights for my software that are being granted by my OS and OS vendor to some other software vendor installing code on my machine. If I paid for the atoms, I own them, and they will freaking well do what I tell them to do.

The more flexible approach with OpenVMS is not the comparatively primitive and older installed image mechanism, it is the so-called subsystem identifier.

The installed privileged image of OpenVMS is roughly akin to setuid, with the somewhat finer granularity (or the increased confusion) of forty-some privileges present on OpenVMS. Regardless, the installed image mechanism is a fairly large hammer. Like setuid, in that regard.

The more flexible subsystem identifier mechanism on OpenVMS is a particular format of identifier (capability) that can be present within the ACL of an application. This entry isn't considered when the application is accessed, but is considered when the application is invoked. When invoked, the specified identifier (capability) is added to the list of capabilities available to the process for the duration of the activation. This operates and is managed much like adding a privilege or adding root access, but can be far more flexible, and far more tailored. Obviously, adding the subsystem identifier onto the ACL is a controlled and restricted operation.

With OpenVMS, ACLs can be attached to most objects. Files, devices, shared memory, queues, etc. And there are various actions that can be performed using the entries within an ACL, though certainly not as many actions and options as there should be available there. Security auditing (roughly security logging) and security alarms (roughly syslog) are two such options available via ACL entries.

There are other ways to grant privileges for the duration of an application executing within the OpenVMS environment, and there are a variety of mechanisms intended to protect the run-time context. And protect that context with varying degrees of success; code executing within the TCB is tougher to design and create than it looks.





Darwin-dev mailing list      (email@hidden)
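
The activation-scoped grant described in the message above, modelled in Python as an added example; it is not part of the original post and is not OpenVMS code. The identifier and file names are constructed, and the rule that the first matching ACE decides (with no match meaning no access) is a simplifying assumption of the model.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Ace:
    identifier: str
    access: frozenset = frozenset()
    subsystem: bool = False  # True: ignored on access checks, lent on activation
@dataclass
class Obj:
    name: str
    acl: list = field(default_factory=list)
@dataclass
class Process:
    rights: set

def check_access(proc, obj, wanted):
    """First ordinary ACE whose identifier the process holds decides."""
    for ace in obj.acl:
        if ace.subsystem:
            continue  # not considered when the object is accessed
        if ace.identifier in proc.rights:
            return wanted in ace.access
    return False  # assumption of this model: no matching ACE means no access

@contextmanager
def activate(proc, image):
    """Invoke an image and lend its subsystem identifiers while it runs."""
    if not check_access(proc, image, "execute"):
        raise PermissionError(f"{image.name}: no execute access")
    lent = {a.identifier for a in image.acl if a.subsystem} - proc.rights
    proc.rights |= lent
    try:
        yield proc
    finally:
        proc.rights -= lent  # the grant ends with the activation

# Constructed objects: an application and the data file it guards.
PAYROLL_EXE = Obj("payroll.exe", [Ace("PAYROLL_SUBSYS", subsystem=True),
                                  Ace("CLERKS", frozenset({"execute"}))])
PAYROLL_DAT = Obj("payroll.dat", [Ace("PAYROLL_SUBSYS", frozenset({"read"}))])

def demo():
    clerk = Process({"CLERKS"})
    before = check_access(clerk, PAYROLL_DAT, "read")
    with activate(clerk, PAYROLL_EXE):
        during = check_access(clerk, PAYROLL_DAT, "read")
    after = check_access(clerk, PAYROLL_DAT, "read")
    return before, during, after  # (False, True, False)
```

Unlike a setuid-style grant, the only thing the clerk gains is the one identifier named on the application's ACL, and only between invocation and exit.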

