mwm@OPAL.BERKELEY.EDU (Mike Meyer, I'll be mellow when I'm dead) (10/04/86)
>> Years ago, an article
>> appeared - in Software Practice and Experience, I believe - which described
>> a game of some sort, with a master list of high scores. A challenge was
>> given: Maintain such a master list, given the constraints that (a) anyone
>> who runs the game program can have their score recorded; (b) no one can spoof
>> the records by accessing the master list directly; (c) any user, without
>> special privileges, can create a new master list for his version of the game.
>> These constraints are easy to satisfy on Unix with a SUID program. To this
>> day, they are quite difficult to satisfy on most other systems. (Often, they
>> simply CANNOT be satisfied.)

Huh? Those constraints were easy to satisfy on TOPS-10 by the end of 1976. You could (this was in version 6.04, I believe) specify for each directory a map from (filename, program, PPN) to permissions, including append-to-file. Of course, you could also specify 'any' for any of the three fields when building the map.

Likewise, VMS and MVS (w/ RACF) both support access lists. I've been led to believe that AOS also has them.

Obviously, almost anything that can be done with SUID programs can be done with access lists. Likewise, I've convinced myself that anything you can do with access lists can be done with SUID programs. It's just that the SUID programs are so damn CLUMSY about so much of it, requiring a new program to be created for each element in the access list. And of course, you can't set things up so that normal tools can be used, and still have a reasonably secure system. Whereas with access lists, you could do:

    program=vi,emacs; user=*; file=jargon.file; perm=rw

to let anyone edit jargon.file with vi or emacs. Anyone want to do the equivalent with SUID bits?

<mike
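Added example, not part of either post: a small default-deny evaluator for rules written in the notation of the post above, checked against the jargon.file rule and a constructed append-only rule for the high-score file. The `a` (append) permission letter, the `game` and `scores` names, and the default-deny behaviour are assumptions of this sketch, not the syntax of TOPS-10 or any other real system.

```python
FIELDS = ("program", "user", "file", "perm")

def parse_rule(text):
    """Parse 'program=vi,emacs; user=*; file=jargon.file; perm=rw'."""
    rule = {}
    for field in text.split(";"):
        key, sep, value = field.strip().partition("=")
        if not sep or key not in FIELDS:
            raise ValueError(f"bad field: {field!r}")
        rule[key] = value.strip()
    missing = set(FIELDS) - rule.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    # program and user are comma-separated alternatives; '*' means 'any'
    rule["program"] = rule["program"].split(",")
    rule["user"] = rule["user"].split(",")
    rule["perm"] = set(rule["perm"])  # one letter per permission: r, w, a
    return rule

def _matches(alternatives, value):
    return any(alt in ("*", value) for alt in alternatives)

def allowed(rules, program, user, file, wanted):
    """Grant only if a single rule matches program, user and file and
    covers every requested permission letter; otherwise deny."""
    if not wanted:
        return False
    for r in rules:
        if (r["file"] in ("*", file)
                and _matches(r["program"], program)
                and _matches(r["user"], user)
                and set(wanted) <= r["perm"]):
            return True
    return False

# Constructed rule set: the first rule is the one from the post, the second
# models the high-score challenge (hypothetical names, assumed 'a' = append).
ACL = [parse_rule(s) for s in (
    "program=vi,emacs; user=*; file=jargon.file; perm=rw",
    "program=game; user=*; file=scores; perm=a",
)]

if __name__ == "__main__":
    print(allowed(ACL, "vi", "alice", "jargon.file", "rw"))   # editor may edit
    print(allowed(ACL, "cat", "alice", "jargon.file", "r"))   # other tools may not
    print(allowed(ACL, "game", "alice", "scores", "a"))       # game may append
    print(allowed(ACL, "vi", "alice", "scores", "w"))         # no direct rewrite
```

The check is only as strong as the system's way of identifying the running program; this sketch takes the program name as already trusted.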
jhodgson@sjuvax.UUCP (J. Hodgson) (10/08/86)
If you have ever used an operating system that supports access control lists, you will know that it is a memory hog. The SUID bit idea is extremely elegant. There may be other mechanisms that achieve the same effect but I suspect that the SUID idea is the cheapest. Certainly I have not come across anything else that is as parsimonious in its resource requirements.