[cap-talk] capability networks compared with ACL networks?
John Carlson
john.carlson3 at sbcglobal.net
Thu Feb 5 23:01:11 EST 2009
>
> One thing that bothers me about his essay is that it only addresses file
> access. IMHO, file access is a relatively narrow and uninteresting part of
> the access control problem. More important is access control for active
> entities, call them servers, daemons, databases etc. These include things
> such as CVS, MySQL, Apache etc. etc. Perhaps he will discuss them when he
> discusses the setuid bit. It still seems likely to me that the result will
> be a separate form of access control for active entities, with different
> syntax and semantics. Oh well.

Don't forget access to network ports--perhaps a mixture between a file and
an active entity. In particular, I am thinking of bind, where a port is
bound to an active entity. I only know Berkeley and Unix sockets; ideas
from other networks would be interesting.

Maybe everything should be thought of as a port--some place where active
entities service and get serviced, and where active entities rest. Or
perhaps you prefer socket--where things hook up to get the current flowing.

Are there any ideas from the OSI model which have been forgotten?

John