Enforcing Permissions

T. William Wells bill at twwells.uucp
Sun May 7 01:41:20 AEST 1989


In article <8134 at phoenix.Princeton.EDU> bernsten at phoenix.Princeton.EDU (Dan Bernstein) writes:
: There is a fundamental problem with UNIX security that alone prevents
: acceptance of UNIX at the B1 security classification or above: It is
: not possible to cure a security violation, only to prevent it. There
: is no way for a user to close a hole that is being used.
:
: For example, access permissions on a file are only checked at the time
: of an open(). Once a process has a file open, there is no way to force
: it to give up the file descriptor.

Kill -9 might be overkill, but it certainly would do the job.

---
Bill                            { uunet | novavax } !twwells!bill



More information about the Comp.unix.wizards mailing list