--=121411=--
Content-Type: text/plain
Some comments on security add-ons for IBM MVS.
We can do better than this, I think; new EROS programs will know what kinds of capabilities they need, and part of the process of making factories for them will be sealing the right capabilities into the factory, analogous to linking with libraries. (In fact, linking with libraries could be accomplished by exactly this mechanism.) Therefore, trying to build a factory for a program that needs a serial-line capability, without supplying either a serial-line capability or a simulator thereof, will give you a link-time error.
Unix programs won't necessarily know what files they need access to, although strace and friends should help some with that.
--=121411=--
Content-Type: message/rfc822
Path: news-east.usenetserver.com!cyclone1.usenetserver.com!cyclone1.usenetserver.com!news-peer.gip.net!news.gsl.net!gip.net!news.voicenet.com!news2.voicenet.com.POSTED!not-for-mail
Newsgroups: alt.folklore.computers
From: nospam@nowhere.com (Steve Myers)
Subject: Re: S/360 public domain stuff?
Reply-To: nospam@nowhere.com (Steve Myers)
References: <8jooc0$nks@netaxs.com> <962590003.847276@shelley.paradise.net.nz> <C7F682DDE7EA1E20.8AFA4662C41770BF.A4E666289592A014@lp.airnews.net> <396007A6.6775D848@macquarie.com.au> <38E8DCD71A34D7E8.2E1E21E287805A7B.1AC841334EA5EF56@lp.airnews.net> <vQZ75.128$ul2.35883@news3.voicenet.com> <278929DB77D73418.93E4A8FB2C50F62D.9CB968DF9ECC6622@lp.airnews.net> <8I385.6$aQ5.2979@news2.voicenet.com> <21C30E78FE5FB3C4.E1662BD14BDCE449.3298DF6E7B47CD1F@lp.airnews.net>
X-Newsreader: IBM NewsReader/2 v1.2.5
Lines: 19
Message-ID: <ot585.10$aQ5.4089@news2.voicenet.com>
Date: Mon, 03 Jul 2000 19:04:52 GMT
NNTP-Posting-Host: 209.71.88.51
X-Complaints-To: abuse@voicenet.com
X-Trace: news2.voicenet.com 962651092 209.71.88.51 (Mon, 03 Jul 2000 15:04:52 EDT)
NNTP-Posting-Date: Mon, 03 Jul 2000 15:04:52 EDT
Xref: cyclone1.usenetserver.com alt.folklore.computers:38229
Both ACF2 and RACF have a warn mode to help you get started with resource access. If I remember correctly, ACF2 has a logging mode when it throws SMF records, but no messages, when it does not like something. So, you don't have to have it exactly right when you start both RACF and ACF2.
RACF allows individual access rules to have what amounts to a warn mode.
In <21C30E78FE5FB3C4.E1662BD14BDCE449.3298DF6E7B47CD1F@lp.airnews.net>, jmaynard@thebrain.conmicro.cx (Jay Maynard) writes:
>On Mon, 03 Jul 2000 17:04:04 GMT, Steve Myers <nospam@nowhere.com> wrote:
>>The ACF2 "secure by default" idea is valid. In fact, it is the way to go,
>>and that is the way many, if not all, RACF shops now operate.
>
>The problem is not running it once it's all set up, but the transition
>period. Unless you get it *exactly* right, the first time, you have
>problems. Yes, RACF is theoretically less secure...but if the choice is
>between unsecure and running, and secure and down, I know which I'd pick.
--=121411=----
-- <kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/> The Internet stock bubble didn't burst on 1999-11-08. Hurrah! <URL:http://www.pobox.com/~kragen/bubble.html> The power didn't go out on 2000-01-01 either. :)