Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 20, 2010 0:32 UTC (Sat) by giraffedata (subscriber, #1954)
In reply to: Ghosts of Unix past, part 3: Unfixable designs by skissane
Parent article: Ghosts of Unix past, part 3: Unfixable designs

You've hit the nail on the head better than any of the other comments or the article itself, by talking not about what the right permission scheme for all future applications is, but a fixable design that lets us recover if we pick the wrong permission scheme today.

Incidentally, I think the separateness of RACF happened out of necessity more than architecture. The filesystem formats were already cast in stone with no concept of permissions whatsoever in them. There was no concept of a user identity either. I don't know if designers of RACF considered building all that into the supervisor code and felt it would be less fixable that way or just that it would be harder, but I do like the result.

RACF and its alternatives also encompass resources other than files.

I think there are plentiful examples of this on Linux too, but I don't follow those things. SELinux? AppArmor?


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds