[cap-talk] More Heresey: ACLs not inherently bad
Karp, Alan H
alan.karp at hp.com
Wed Sep 24 10:21:44 CDT 2008
Rob Meijer wrote:
>
> I don't think the problem of editing a file before sudo would fit in with
> retrofit solutions either. If it could that would be very interesting to
> learn about. If an oblivious application has an open file handle opened
> with diminished (read only) rights, delegating write permissions to such
> an unchanged oblivious application on the opened file handle would seem
> like quite a challenge.
>
Weiler's Law: "Nothing is impossible for the man who doesn't have to do it himself." :)
In this case, I can imagine the error return on a failed write going to the user's power box, giving the user the ability to add the needed permission.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list