Ghosts of Unix past, part 3: Unfixable designs
Posted Nov 20, 2010 0:32 UTC (Sat) by giraffedata
In reply to: Ghosts of Unix past, part 3: Unfixable designs
Parent article: Ghosts of Unix past, part 3: Unfixable designs
You've hit the nail on the head better than any of the other comments or the article itself, by talking not about what the right permission scheme for all future applications is, but a fixable design that lets us recover if we pick the wrong permission scheme today.
Incidentally, I think the separateness of RACF happened out of necessity more than architecture. The filesystem formats were already cast in stone with no concept of permissions whatsoever in them. There was no concept of a user identity either. I don't know if designers of RACF considered building all that into the supervisor code and felt it would be less fixable that way or just that it would be harder, but I do like the result.
RACF and its alternatives also encompass resources other than files.
I think there are plentiful examples of this on Linux too, but I don't follow those things. SELinux? AppArmor?