Re: what's next for the linux kernel?

[Nikita Danilov]

Luke Kenneth Casson Leighton writes:

[...]

 > > That's exactly the point: Unix file system model is more flexible than
 > > alternatives. 
 > 
 >  *grin*.  sorry - i have to disagree with you (but see below).
 > 
 >  i was called in to help a friend of mine at EDS to do a bastion sftp
 >  server to write some selinux policy files because POSIX filepermissions
 >  could not fulfil the requirements.

First, I was talking about flexibility attained through the separation
of notions of file and index. You just claimed elsewhere that this is
the direction ntfs took (with the introduction of hard-links).

Then, every security model has its weakness and corner cases. Try to
express

        rw-r-xrw- (0656)

POSIX bits with canonical NT ACLs (hint: in NT allow-ACEs are
accumulated).

[...]

 > 
 >  POSIX permissions were designed to fit into what... 16 bits,
 >  so they didn't have a lot to play with.

That very good property for a security model: simplicity is a virtue
here.

Nikita.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/