From: Helge Hafting <helge.hafting@aitel.hist.no>
To: Valdis.Kletnieks@vt.edu
Cc: Marc Perkel <marc@perkel.com>, linux-kernel@vger.kernel.org
Subject: Re: what's next for the linux kernel?
Date: Thu, 06 Oct 2005 11:31:59 +0200 [thread overview]
Message-ID: <4344EF0F.90402@aitel.hist.no> (raw)
In-Reply-To: <200510060803.j9683aXK026732@turing-police.cc.vt.edu>
Valdis.Kletnieks@vt.edu wrote:
>The part that you managed to miss is that this is MAC - *Mandatory*
>Access Control. This means that the *sysadmin* gets to say "this user
>can't look at that file" - and there's nothing(*) either the owner of the
>file or the user can do about it. There's no chmod or chattr or chacl
>command that the owner can issue to let somebody else read it - that's
>the whole *point* of MAC.
>
>(*) Well.. almost nothing. The owner *may* be able to copy the contents
>of the file to another file that the other user is allowed to read. On the
>other hand, the ability to do this would generally indicate a buggy policy....
>
>
Seems to me there is no use taking away the owners ability to chmod,
precisely because the owner always can get around that. (Unless
the owner doesn't even have the right to read his own file.)
You can have a restricted "copy" program, but nothing prevents a
user from making his own copy program, if he can read the file.
Or the user can load the file into the intended app, and "save as"
to some other filename and directory. Or the user can do a screendump,
or even take a picture of the screen.
Company policy may of course forbid the user to bring a camera, just as it
might forbid the user to do "chmod o+r" on important files. I am not
sure that we need the OS to try to enforce such things.
Helge Hafting
next prev parent reply other threads:[~2005-10-06 9:30 UTC|newest]
Thread overview: 241+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-02 20:47 what's next for the linux kernel? Luke Kenneth Casson Leighton
2005-10-02 21:05 ` Rik van Riel
2005-10-02 23:05 ` Luke Kenneth Casson Leighton
2005-10-02 23:26 ` Rik van Riel
2005-10-03 1:26 ` Luke Kenneth Casson Leighton
2005-10-03 1:53 ` Rik van Riel
2005-10-02 23:37 ` Vadim Lobanov
2005-10-03 0:54 ` Luke Kenneth Casson Leighton
2005-10-03 1:20 ` Vadim Lobanov
2005-10-03 1:47 ` Al Viro
2005-10-03 1:50 ` Vadim Lobanov
2005-10-03 1:53 ` Al Viro
2005-10-03 2:00 ` Luke Kenneth Casson Leighton
2005-10-03 9:34 ` Erik Mouw
2005-10-03 1:53 ` Luke Kenneth Casson Leighton
2005-10-03 2:31 ` Vadim Lobanov
2005-10-02 23:14 ` D. Hazelton
2005-10-03 10:36 ` Giuseppe Bilotta
2005-10-03 21:34 ` Nix
2005-10-03 18:19 ` Lennart Sorensen
2005-10-04 12:53 ` Luke Kenneth Casson Leighton
2005-10-04 13:13 ` linux-os (Dick Johnson)
2005-10-04 13:47 ` Lennart Sorensen
2005-10-04 17:12 ` Bill Davidsen
2005-10-04 16:20 ` Gene Heskett
2005-10-03 2:12 ` Horst von Brand
2005-10-03 16:32 ` Valdis.Kletnieks
2005-10-03 19:02 ` Luke Kenneth Casson Leighton
2005-10-03 2:55 ` Valdis.Kletnieks
2005-10-03 3:25 ` Rik van Riel
2005-10-03 19:13 ` Alan Cox
2005-10-03 21:22 ` Luke Kenneth Casson Leighton
2005-10-03 5:03 ` Sonny Rao
2005-10-03 21:12 ` Luke Kenneth Casson Leighton
2005-10-03 23:46 ` Sonny Rao
2005-10-03 19:18 ` Alan Cox
2005-10-03 21:07 ` Luke Kenneth Casson Leighton
2005-10-03 22:05 ` Alan Cox
2005-10-04 14:01 ` Andi Kleen
2005-10-04 3:51 ` Valdis.Kletnieks
2005-10-03 0:04 ` Martin J. Bligh
2005-10-03 0:14 ` Randy.Dunlap
2005-10-03 0:44 ` Luke Kenneth Casson Leighton
2005-10-03 7:50 ` Meelis Roos
2005-10-03 18:08 ` Lennart Sorensen
2005-10-03 18:28 ` linux-os (Dick Johnson)
2005-10-03 20:00 ` Jon Masters
2005-10-03 18:56 ` Luke Kenneth Casson Leighton
2005-10-03 1:10 ` Luke Kenneth Casson Leighton
2005-10-03 1:18 ` Rik van Riel
2005-10-03 1:27 ` Chase Venters
2005-10-04 12:59 ` Luke Kenneth Casson Leighton
2005-10-04 15:01 ` Tushar Adeshara
2005-10-04 15:04 ` Nikita Danilov
2005-10-04 15:58 ` Luke Kenneth Casson Leighton
2005-10-04 16:17 ` Luke Kenneth Casson Leighton
2005-10-04 17:15 ` Nikita Danilov
2005-10-04 17:23 ` Luke Kenneth Casson Leighton
2005-10-04 17:40 ` Nikita Danilov
2005-10-04 17:30 ` Rik van Riel
2005-10-06 0:07 ` Luke Kenneth Casson Leighton
2005-10-06 9:56 ` David Weinehall
2005-10-06 17:23 ` Rik van Riel
2005-10-06 19:22 ` Luke Kenneth Casson Leighton
2005-10-07 0:38 ` Luke Kenneth Casson Leighton
2005-10-07 1:10 ` Al Viro
2005-10-07 0:40 ` Luke Kenneth Casson Leighton
2005-10-03 17:56 ` Joe Bob Spamtest
[not found] ` <20051003185804.GB8548@lkcl.net>
[not found] ` <43418834.6070400@spamtest.viacore.net>
2005-10-03 20:30 ` Luke Kenneth Casson Leighton
2005-10-02 22:49 ` Christoph Hellwig
2005-10-02 23:24 ` Luke Kenneth Casson Leighton
2005-10-03 4:04 ` Willy Tarreau
2005-10-03 0:38 ` Kurt Wall
2005-10-03 0:36 ` Kurt Wall
2005-10-03 0:43 ` David Leimbach
2005-10-03 5:45 ` Nick Piggin
2005-10-03 14:20 ` Jon Masters
2005-10-03 16:00 ` Miklos Szeredi
2005-10-03 19:12 ` Luke Kenneth Casson Leighton
2005-10-03 19:31 ` Miklos Szeredi
2005-10-03 20:22 ` Luke Kenneth Casson Leighton
2005-10-03 21:55 ` Jon Masters
2005-10-04 1:33 ` Jason Stubbs
2005-10-04 12:22 ` Luke Kenneth Casson Leighton
2005-10-04 19:47 ` Marc Perkel
2005-10-04 21:15 ` Luke Kenneth Casson Leighton
2005-10-04 23:40 ` Chase Venters
2005-10-05 5:35 ` Valdis.Kletnieks
2005-10-05 10:07 ` Luke Kenneth Casson Leighton
2005-10-05 6:54 ` Steven Rostedt
2005-10-05 10:03 ` Luke Kenneth Casson Leighton
2005-10-05 10:26 ` Luke Kenneth Casson Leighton
2005-10-05 11:04 ` Diego Calleja
2005-10-06 19:15 ` Luke Kenneth Casson Leighton
2005-10-06 5:04 ` Chase Venters
2005-10-06 4:27 ` [ANNOUNCE] Wolf Mountain File System [what's next for the linux kernel] jmerkey
2005-10-06 4:32 ` jmerkey
2005-10-06 10:44 ` Luke Kenneth Casson Leighton
2005-10-06 14:24 ` jmerkey
2005-10-06 8:08 ` Valdis.Kletnieks
2005-10-06 14:25 ` jmerkey
2005-10-11 18:18 ` [ANNOUNCE] Wolf Mountain File System Jeff V. Merkey
2005-10-06 15:10 ` what's next for the linux kernel? Michael Concannon
2005-10-06 19:28 ` Luke Kenneth Casson Leighton
2005-10-06 20:13 ` Michael Concannon
2005-10-06 20:22 ` Michael Concannon
2005-10-06 21:05 ` Luke Kenneth Casson Leighton
2005-10-06 21:20 ` Luke Kenneth Casson Leighton
2005-10-06 21:53 ` Michael Concannon
2005-10-06 22:24 ` Luke Kenneth Casson Leighton
2005-10-06 22:41 ` Michael Concannon
2005-10-06 22:41 ` Michael Concannon
2005-10-07 1:05 ` Howard Chu
2005-10-08 22:27 ` Helge Hafting
2005-10-08 22:42 ` Luke Kenneth Casson Leighton
2005-10-05 0:59 ` Horst von Brand
2005-10-05 1:22 ` D. Hazelton
2005-10-05 5:49 ` Marc Perkel
2005-10-05 6:03 ` Valdis.Kletnieks
2005-10-05 9:24 ` Nikita Danilov
2005-10-05 9:56 ` Luke Kenneth Casson Leighton
2005-10-05 10:30 ` Nikita Danilov
2005-10-05 11:13 ` Luke Kenneth Casson Leighton
2005-10-05 12:17 ` Nikita Danilov
2005-10-05 12:36 ` Luke Kenneth Casson Leighton
2005-10-05 18:47 ` Horst von Brand
2005-10-05 23:03 ` Luke Kenneth Casson Leighton
2005-10-05 21:55 ` jmerkey
2005-10-05 23:36 ` Neil Brown
2005-10-05 22:21 ` jmerkey
2005-10-05 23:42 ` David Leimbach
2005-10-06 3:06 ` Horst von Brand
2005-10-06 10:54 ` Luke Kenneth Casson Leighton
2005-10-06 8:03 ` Valdis.Kletnieks
2005-10-06 9:31 ` Helge Hafting [this message]
2005-10-06 14:40 ` Horst von Brand
2005-10-06 18:34 ` Valdis.Kletnieks
2005-10-05 11:16 ` Luke Kenneth Casson Leighton
2005-10-05 13:21 ` Marc Perkel
2005-10-05 13:52 ` Nikita Danilov
2005-10-05 23:53 ` Helge Hafting
2005-10-05 16:36 ` Tim Bird
2005-10-05 13:45 ` D. Hazelton
2005-10-05 10:09 ` Luke Kenneth Casson Leighton
2005-10-05 10:23 ` Valdis.Kletnieks
2005-10-05 11:14 ` Luke Kenneth Casson Leighton
2005-10-05 14:17 ` Nix
2005-10-05 15:54 ` Rik van Riel
2005-10-05 15:58 ` Marc Perkel
2005-10-05 16:15 ` Al Viro
2005-10-05 16:23 ` Marc Perkel
2005-10-05 19:30 ` Lennart Sorensen
2005-10-05 22:48 ` Luke Kenneth Casson Leighton
2005-10-06 10:28 ` Nikita Danilov
2005-10-07 0:59 ` Joe Bob Spamtest
2005-10-07 0:25 ` Joe Bob Spamtest
2005-10-05 20:11 ` Luke Kenneth Casson Leighton
[not found] <4TiWy-4HQ-3@gated-at.bofh.it>
2005-10-02 22:43 ` Robert Hancock
2005-10-02 23:32 ` Gene Heskett
2005-10-02 23:41 ` Vadim Lobanov
2005-10-02 23:48 ` Rik van Riel
2005-10-03 3:50 ` Gene Heskett
2005-10-03 9:39 ` Jesper Juhl
[not found] ` <4U0XH-3Gp-39@gated-at.bofh.it>
2005-10-04 22:04 ` Bodo Eggert
2005-10-05 10:36 ` Luke Kenneth Casson Leighton
2005-10-05 23:12 ` Nix
2005-10-05 23:28 ` Luke Kenneth Casson Leighton
2005-10-05 23:49 ` Nix
2005-10-05 14:34 ` Nix
2005-10-05 14:41 ` Marc Perkel
2005-10-05 14:44 ` Lennart Sorensen
2005-10-05 14:48 ` Marc Perkel
2005-10-05 14:56 ` Lennart Sorensen
2005-10-05 15:08 ` Marc Perkel
2005-10-05 15:26 ` Lennart Sorensen
2005-10-05 19:16 ` Nix
2005-10-05 19:30 ` Marc Perkel
2005-10-05 20:26 ` Nix
2005-10-08 16:49 ` Denis Vlasenko
2005-10-05 19:40 ` Al Viro
2005-10-05 19:49 ` Marc Perkel
2005-10-05 19:55 ` Lennart Sorensen
2005-10-05 20:25 ` linux-os (Dick Johnson)
2005-10-05 20:31 ` Nix
2005-10-05 14:59 ` Nigel Rantor
2005-10-05 16:16 ` Bodo Eggert
2005-10-05 19:37 ` Florin Malita
2005-10-05 19:44 ` Marc Perkel
2005-10-05 19:52 ` Lennart Sorensen
2005-10-05 20:05 ` Marc Perkel
2005-10-05 20:23 ` Lennart Sorensen
2005-10-06 2:56 ` Horst von Brand
2005-10-06 3:50 ` Marc Perkel
2005-10-05 20:21 ` Valdis.Kletnieks
2005-10-05 20:58 ` Dave Neuer
2005-10-05 21:05 ` Bodo Eggert
2005-10-06 6:43 ` Steven Rostedt
2005-10-05 19:54 ` Bernd Petrovitsch
2005-10-07 0:11 ` Joe Bob Spamtest
2005-10-05 14:52 ` linux-os (Dick Johnson)
2005-10-05 14:57 ` Lennart Sorensen
2005-10-05 15:26 ` linux-os (Dick Johnson)
2005-10-05 15:24 ` Luke Kenneth Casson Leighton
2005-10-05 15:30 ` Lennart Sorensen
2005-10-05 15:42 ` Luke Kenneth Casson Leighton
2005-10-05 15:55 ` Lennart Sorensen
2005-10-06 15:41 ` Ragnar Hojland Espinosa
2005-10-05 14:55 ` David Leimbach
2005-10-05 16:25 ` Bodo Eggert
2005-10-05 16:41 ` David Leimbach
2005-10-05 19:21 ` Nix
2005-10-05 23:23 ` Luke Kenneth Casson Leighton
2005-10-06 9:53 ` grundig
2005-10-06 10:45 ` Tomasz Kłoczko
2005-10-06 15:18 ` Greg Norris
2005-10-05 20:27 ` Marc Perkel
2005-10-05 20:41 ` Julian Blake Kongslie
2005-10-05 20:51 ` Bas Westerbaan
2005-10-05 20:57 ` Julian Blake Kongslie
[not found] ` <4Uis4-4pZ-5@gated-at.bofh.it>
2005-10-05 17:43 ` Bodo Eggert
2005-10-05 19:27 ` Nix
2005-10-05 20:04 ` Bodo Eggert
-- strict thread matches above, loose matches on Subject: below --
2005-10-04 4:11 Martin Fouts
[not found] <mail.linux.kernel/20051003203037.GG8548@lkcl.net>
[not found] ` <05Oct4.173802edt.33143@gpu.utcc.utoronto.ca>
2005-10-05 12:07 ` Luke Kenneth Casson Leighton
2005-10-05 12:31 ` Jens Axboe
2005-10-05 13:35 ` Luke Kenneth Casson Leighton
2005-10-05 13:40 ` Jens Axboe
2005-10-05 15:29 ` Luke Kenneth Casson Leighton
2005-10-05 15:51 ` Jens Axboe
2005-10-05 16:38 ` Steven Rostedt
2005-10-05 23:24 ` Luke Kenneth Casson Leighton
2005-10-05 17:01 ` Dave Neuer
[not found] ` <161717d50510050957t2eaa3af0u8c6b3b4d327497a9@mail.gmail.com>
2005-10-05 23:05 ` Luke Kenneth Casson Leighton
[not found] <DE88BDF02F4319469812588C7950A97E9312A6@ussunex1.palmsource.com>
2005-10-06 0:03 ` Luke Kenneth Casson Leighton
2005-10-06 0:14 ` David S. Miller
2005-10-06 1:11 ` Nigel Rantor
2005-10-06 11:10 ` Luke Kenneth Casson Leighton
2005-10-06 15:44 ` Al Viro
2005-10-06 0:51 ` Howard Chu
2005-10-06 3:53 Nikolay N. Ivanov
2005-10-06 23:24 Joe Bob Spamtest
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4344EF0F.90402@aitel.hist.no \
--to=helge.hafting@aitel.hist.no \
--cc=Valdis.Kletnieks@vt.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=marc@perkel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.