Re: Upcoming 1.1.1 changes


From: Amon Ott <ao@rsbac.org>
Subject: Re: Upcoming 1.1.1 changes
Date: Fri, 5 Jan 2001 09:48:52 +0100

Next Article (by Date): Re: patch-2.4.0-prerelease-v1.1.0 is uploaded Amon Ott
Previous Article (by Date): Re: patch-2.4.0-prerelease-v1.1.0 is uploaded "John Huttley"
Top of Thread: Upcoming 1.1.1 changes Amon Ott
Next in Thread: Re: Upcoming 1.1.1 changes "john huttley"
Articles sorted by: [Date] [Author] [Subject]


On Don, 04 Jan 2001 John Huttley wrote:
> ----- Original Message -----
> From: Amon Ott <ao@rsbac.org>
> To: RSBAC List <rsbac@compuniverse.de>
> Sent: Friday, 5 January 2001 01:09
> Subject: Upcoming 1.1.1 changes
> > 1.1.1-pre1 is getting into shape now.
> >
> > Other wishes?
> >
> 
> Yes.
> 
> The semantics of the FF module are confusing.
> 
> It ought to be one of the simplest models, but I cant figure it out.
> 
> Firstly there is the naming of attributes as "only".
> 
> This implies exclusivity. It is logically impossible to have two attributes named
> "only" active
> at the same time. If they could be applied simultaneously then they can't be
> "only" can they??

No, the naming means 'grant only this type of access'.

> Secondly there is the nature of the default flags.
> The default seems to be no flags, which permits all access.
> The flags (excepting secure delete and inherit) should then be defined as "deny"
> flags.
> 
> EG: read_deny, write_deny, execute_deny, search_deny.
> These can be combined logically without any semantic problems.

This is just another viewpoint.
 
> (what happens if you put execute_only and no_execute flags on together?)

FF is restrictive, so both flags are applied: One says, you can only execute,
the other says, you can not execute. The result is no access at all.

This is Unix after all: You are perfectly free to shoot into your own foot. ;)

Maybe the menu tools should be more explicit.

> Thirdly,  the interaction between inherited and explicit needs to expanded.
> Either to have an inherit mask or to have tri-state flags (on, off, inherit)

Tristate could be a useful expansion. However, the current idea is a
two-state-model:

1. add_inherited is set: apply explicit flags *and* add inherited ones
2. add_inherited is not set: apply explicit flags only

On inheritance, only the valid flags directly above count.

> Are you familiar with the Netware Flags? (as against trustees)

I have worked with Netware 3.11 to 4.1 for several years - thus the ACL model.

> That is a pretty good model.

I will have a look - my Netware experience is a bit rusty by now. FF is partly
inspired by Netware, but I found my set of flags more useful then.
   
> Probably a lot of work, but something to think about for the future.

Probably not really much - the FF_flags attribute is there, and the FF
infrastructure, too.

I will first update the model description in modules.htm to make the behaviour
clearer.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: patch-2.4.0-prerelease-v1.1.0 is uploaded Amon Ott
Previous Article (by Date): Re: patch-2.4.0-prerelease-v1.1.0 is uploaded "John Huttley"
Top of Thread: Upcoming 1.1.1 changes Amon Ott
Next in Thread: Re: Upcoming 1.1.1 changes "john huttley"
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.