-
December 4th, 2005, 03:46 AM
#31
What would you call an account that has access to things not granted to it by the access control policy?
I would call that a contradiction in terms, and a straw man.
On my own PC, I write the goddamn access control
policy, and I am root. You got a problem with that?
No? Then STFU.
I came in to the world with nothing. I still have most of it.
-
December 4th, 2005, 03:53 AM
#32
You write the use policy, the developers write the system policy. You merely configure the system policy to ideally be in line with the use policy.
At the end of the day you have a policy of access controls... and then an account that completely voids that policy. Not sure why you have difficulty in grasping that fact... but then you have a problem grasping many facts...
cheers,
catch
-
December 4th, 2005, 04:03 AM
#33
What penance must I do, oh great one?
I came in to the world with nothing. I still have most of it.
-
December 4th, 2005, 04:17 AM
#34
Every morning look into the mirror and repeat:
Reference monitors are good enough,
Reference monitors are smart enough,
Doggone it people like reference monitors.
twenty times or so until you really believe it.
cheers,
catch
-
December 4th, 2005, 04:24 PM
#35
Originally posted here by catch
SUSE isn't bad either.
And gore... at 16, your cousin needs to learn to shut his mouth and open his mind. I think we can all agree how clueless we were at 16.
Heheheheheheheheheheheh say it more often catch
And yea, he's 16 and in high school so he's learning from me he isn't right all the time, and I make sure and tell him his freinds are idiots weekly.
-
December 4th, 2005, 11:14 PM
#36
As opposed to normal users who all have the same privilieges and then a superuser account that doesn't even use permissions.
Root undergoes no privilege or permission checks.
Super user does use permissions but then will allow override if directly specified... had plenty of moments like these editing the hosts file...
I asked "So how will groups help you set up directory that allows a user to delete files, but not subdirectories while allowing the user to create subdirectories (with a predefined set of rights different than the original directory) but not new files and disallows the user to execute files or traverse the directory and allowing them to read file attributes but not read file security settings?"
Very interesting example... Is this a real world example?
-
December 5th, 2005, 02:49 AM
#37
Super user does use permissions but then will allow override if directly specified
Not true... it does not do a permission check... observe:
Code:
[root@luna doc_root]# uname -a
Linux luna.xxxxxx.xxx 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown
[root@luna doc_root]# ls -l test
-rwx------ 1 apache apache 2 Dec 4 10:54 test
[root@luna doc_root]# vi test
*** change the contents of test from "1234" to "23456" ***
*** No errors or warnings are issued ***
[root@luna doc_root]# ls -l test
-rwx------ 1 apache apache 3 Dec 4 10:57 test
Root is able to alter files which it has no specified rights to, since UNIX uses a default deny model... clearly no check has been done.
Is this a real world example?
Yes, one of the operators at more former employer had rights like this... useful for deleting files that other users were not allowed to delete regarding various aspects of application development, etc (when they deleted these files they went to this directory) the operator would create new subdirs for different projects or points of deletion.
cheers,
catch
-
December 6th, 2005, 10:27 AM
#38
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|