I don't believe your suggestion would be acceptable.
The wording in 3.4 and 4.4 was explicitly added to the POSIX.1 standard
to allow implementations of additional *security* mechanisms and security
policies.
(Like enhanced Discretionary Access Controls)
These are low level mechanisms, integral to the overall security policy
of the system and are applicable to all files and APIs on the system.
The issue being discussed here has to do with a particular unpleasant
side effect of a specific scenario with the rm utility.
It has nothing to do with file access control or security mechanisms.
The wording in 3.4 and 4.4 cannot be used to justify arbitrary
implementation specific behaviours of individual utilities.
mark
> -----Original Message-----
> From: Geoff Clare [mailto:yyy@xxxxxxxxxxxxx]
> Sent: Wednesday, March 12, 2003 4:23 AM
> To: yyyyyyyyyyyyyy@xxxxxxxxxxxxx
> Subject: RE: Defect in XCU rm
>
>
> "Mark Funkenhauser" <yyyyyyyyyyyyy@xxxxxxxxxx> wrote, on Tue
> 11 Mar 2003:
>
> > > I think the standard already allows you to do this if you want to.
> > >
> > > All you need to do is document it as an "Additional File Access
> > > Control Mechanism". See XBD6 section 3.4.
>
> > I respectfully disagree.
> > I don't see how special casing the behaviour of "rm -r /"
> > has anything to do with an "additional access control mechanisms".
> > Section 3.4 cannot be mis-interpreted this way.
> > 3.4 exists only as a part of XBD section 4.4.
>
> I can't see anything in 3.4 or 4.4 that restricts what form an
> "Additional File Access Control Mechanism" can take. All that
> is required is that it does not grant permissions beyond those
> defined by the file permission bits.
>
> As far as I can see the following would be an acceptable
> addition to the system's documentation:
>
> The system implements an Additional File Access Control
> Mechanism whereby all permissions (read, write and search) for
> the root directory "/" are denied to any process, including
> privileged processes, if the system determines that the
> purpose of the access is the recursive removal of all files
> below "/". For example, execution of the shell command
> "rm -rf /" produces a "permission denied" error.
>
>
> --
> Geoff Clare
> The Open Group, Apex Plaza, Forbury Road, Reading, RG1 1AX, England
> Email: yyyyyyy@xxxxxxxxxxxxx Tel: +44 118 9508311
>
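The "rm -r /" special case that both messages argue over, as an added illustration written for this thread and not code from any POSIX implementation: the check is done at the utility level on rm's own arguments (the behaviour Mark calls a utility matter), not as an access-control mechanism in the sense of XBD 3.4/4.4. The `is_root_path`, `rm_root_guard` and `safe_rm` names are hypothetical.

```shell
#!/bin/sh
# Added illustration for this thread (not code from any POSIX implementation):
# the "rm -r /" special case handled as utility-level argument checking.

# is_root_path PATH: succeed if PATH names the root directory.
# Resolves the path as the kernel would (symlinks, "." and "..") using
# only POSIX cd -P / pwd -P; a path that does not exist is not root.
is_root_path() {
    r=$(cd -P -- "$1" 2>/dev/null && pwd -P) || return 1
    # Some shells keep an implementation-defined leading "//"; squeeze it.
    while [ "${r#//}" != "$r" ]; do r=${r#/}; done
    [ "$r" = "/" ]
}

# rm_root_guard RM-ARGS...: succeed if the invocation may proceed, fail
# (with a message) if it would recursively remove the root directory.
# Options are recognised anywhere before "--", as GNU rm permutes them.
rm_root_guard() {
    recursive=0
    for a in "$@"; do
        case $a in
            --)                           break ;;
            -[rR]*|-[!-]*[rR]*|--recursive) recursive=1 ;;
        esac
    done
    [ "$recursive" -eq 1 ] || return 0

    end_opts=0 status=0
    for a in "$@"; do
        if [ "$end_opts" -eq 0 ]; then
            case $a in
                --) end_opts=1; continue ;;
                -*) continue ;;
            esac
        fi
        if is_root_path "$a"; then
            printf 'rm: refusing to recursively remove the root directory (%s)\n' "$a" >&2
            status=1
        fi
    done
    return "$status"
}

# Wrapper that applies the check before handing the arguments to rm.
safe_rm() { rm_root_guard "$@" && rm "$@"; }
```

Note that `rm -f /` (no -r) passes the guard, since the concern in the thread is only recursive removal of everything below "/".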