Monday, 19 November 2007

Traditional Unix security

Traditional Unix security is based on a discretionary access control (DAC) model. We must understand the properties of this model to be able to determine the advantages and disadvantages of this model and of other access control models.

- It is at the discretion of the owner of an object to grant other users access to that object.

- Users are either root or user. The system cannot see a difference between a process that was started by a user and one that was executed by the system.

- Users can gain root privileges through objects that have the setuid or setgid bit set. A process can escalate its privileges.

- Access to objects is based on user identity.

- Access is liberal.
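The properties listed above can be seen in a small model of the classic permission check. This is an added example, not code from the original post. The function names `dac_allows`, `privilege_bits` and `audit_tree` are hypothetical, the model ignores ACLs and capabilities, and the uids, gids and modes in the demo are constructed.

```python
import os
import stat

PERM = {"r": 4, "w": 2, "x": 1}

def dac_allows(mode, owner, group, uid, gids, want):
    """Simplified classic Unix check (assumption: no ACLs, no capabilities)."""
    need = 0
    for c in want:
        need |= PERM[c]
    if uid == 0:
        # root bypasses the mode bits; executing a regular file still
        # needs at least one x bit somewhere in the mode
        if need & 1 and not stat.S_ISDIR(mode):
            return bool(mode & 0o111)
        return True
    if uid == owner:          # first matching class wins: owner, group, other
        granted = (mode >> 6) & 7
    elif group in gids:
        granted = (mode >> 3) & 7
    else:
        granted = mode & 7
    return (granted & need) == need

def privilege_bits(mode):
    """Names of the identity-changing bits set in mode."""
    names = []
    if mode & stat.S_ISUID:
        names.append("setuid")
    if mode & stat.S_ISGID:
        names.append("setgid")
    return names

def audit_tree(root):
    """List (path, owner uid, bits) for regular files with setuid/setgid."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and privilege_bits(st.st_mode):
                hits.append((path, st.st_uid, privilege_bits(st.st_mode)))
    return hits

if __name__ == "__main__":
    # Constructed sample: file owned by uid 1000, gid 100, mode 0644
    print(dac_allows(0o100644, 1000, 100, 1001, [100], "w"))
    for hit in audit_tree("/usr/bin"):
        print(hit)
```

Because the first matching class decides, an owner whose own bits are cleared is denied even when "other" is allowed. Files reported by `audit_tree` with owner uid 0 are the ones that run with root's identity regardless of who starts them.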
