Page 295 - DCAP103_Principle of operating system
Principles of Operating Systems
Notes: Programs that mishandle interrupts, or malware that sabotages them, can bring down the whole system.
Show or explain how a firewall is used in securing an operating system.
9.1.2 Access Control Lists
Traditional UNIX access control is a type of discretionary ACL. The possible actions are grouped
into four categories: read, write, execute, and the special operations normally reserved for an
object's owner. The list of actors associated with each object is deliberately small, which simplifies
both the implementation and the user experience. Three actors are listed: owner, group, and other.
An actor receives the permissions of the first of these three that it qualifies for, and only that one;
there is no fall-through, so an owner whose owner bits are restrictive does not inherit the group or
other bits even when those are more generous. The owner always gets the special operations that the
others do not. The group is an indirect reference to a list of actors specified elsewhere, and thus is
a form of compression. The "other" category is just that: all other actors. Through the creation of
groups, traditional UNIX access control can provide a great deal of power. The creation of groups is
normally limited, however, often being an administrative action that requires human approval.
The action categories may be more or less fine-grained. NetWare uses read, write, create, erase,
modify, file scan, access control, and supervisor. A system may split the normal “write” category
into overwrite and append. A system may lack an “execute” category, instead simply requiring
read access to execute a file.
Many systems allow for somewhat arbitrary lists of actors to be associated with each object. This
includes Windows, modern UNIX-like systems including Linux, and NetWare. The list might
support a dozen entries or a few hundred entries, the limit being chosen as a compromise
between performance and control.
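The decision rule described above, with the first-qualifying class deciding and the extended named-user and named-group entries layered on top of the three traditional ones, can be written as a short evaluation routine. The following is an added example, not code from the textbook or from any of the systems it names. It follows the POSIX.1e draft ACL model (USER_OBJ, USER, GROUP_OBJ, GROUP, MASK and OTHER entries) that Linux and the BSDs implement, which is an assumption about which "arbitrary list of actors" scheme to show; every uid, gid, mode and ACL in it is constructed for illustration.

```python
"""Added example (not from the page): evaluating a POSIX.1e style ACL.

A traditional UNIX mode is the special case of an ACL holding only the
USER_OBJ, GROUP_OBJ and OTHER entries.  Uids, gids and modes are constructed.
"""
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits, as in one octal digit of a mode


@dataclass(frozen=True)
class Entry:
    tag: str             # USER_OBJ, USER, GROUP_OBJ, GROUP, MASK or OTHER
    perms: int           # subset of R | W | X
    qualifier: int = -1  # uid (USER) or gid (GROUP); unused for other tags


@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset      # effective gid plus supplementary group ids


def acl_from_mode(mode: int) -> list:
    """Owner/group/other bits of a traditional mode as a three-entry ACL."""
    return [Entry("USER_OBJ", (mode >> 6) & 7),
            Entry("GROUP_OBJ", (mode >> 3) & 7),
            Entry("OTHER", mode & 7)]


def allowed(acl, owner_uid, owner_gid, proc, wanted) -> bool:
    """True if `proc` holds every permission bit in `wanted` on the object.

    Exactly one class of entry decides: the first the process qualifies
    for.  There is no fall-through, so an owner whose USER_OBJ bits are
    restrictive is denied even when the OTHER entry would allow access.
    """
    by_tag = {}
    for e in acl:
        by_tag.setdefault(e.tag, []).append(e)
    # The mask caps named users, the owning group and named groups; it
    # does not apply to the owner or to "other".
    mask = by_tag["MASK"][0].perms if "MASK" in by_tag else R | W | X

    def grants(perms):
        return wanted & ~perms == 0

    if proc.uid == owner_uid:                      # 1. the owner
        return grants(by_tag["USER_OBJ"][0].perms)
    for e in by_tag.get("USER", []):               # 2. a named user
        if e.qualifier == proc.uid:
            return grants(e.perms & mask)
    matched = []                                   # 3. the group class
    if owner_gid in proc.gids:
        matched.append(by_tag["GROUP_OBJ"][0].perms)
    matched += [e.perms for e in by_tag.get("GROUP", []) if e.qualifier in proc.gids]
    if matched:
        # Granted if any matching group entry carries the bits; otherwise
        # denied without consulting OTHER.
        return any(grants(p & mask) for p in matched)
    return grants(by_tag["OTHER"][0].perms)       # 4. everyone else


def demo() -> dict:
    """Run the checks the text describes and return the outcomes by name."""
    owner = Process(uid=1000, gids=frozenset({100}))
    stranger = Process(uid=2000, gids=frozenset({200}))
    # Constructed file owned by 1000:100 with mode 0077: the owner has no
    # bits at all while group and other have rwx.
    plain = acl_from_mode(0o077)
    out = {
        "owner_read_0077": allowed(plain, 1000, 100, owner, R),
        "other_read_0077": allowed(plain, 1000, 100, stranger, R),
    }
    # Constructed extended ACL: mode 0647 plus a named user (rw-), a named
    # group (rwx) and a mask of r-- that caps both of them.
    ext = acl_from_mode(0o647) + [
        Entry("USER", R | W, qualifier=2000),
        Entry("GROUP", R | W | X, qualifier=300),
        Entry("MASK", R),
    ]
    member = Process(uid=3000, gids=frozenset({200, 300}))
    out["named_user_read"] = allowed(ext, 1000, 100, stranger, R)
    out["named_user_write_masked"] = allowed(ext, 1000, 100, stranger, W)
    out["group_member_read"] = allowed(ext, 1000, 100, member, R)
    out["group_member_write_no_fallthrough"] = allowed(ext, 1000, 100, member, W)
    out["owner_write_unmasked"] = allowed(ext, 1000, 100, owner, W)
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:36s} {'granted' if ok else 'denied'}")
```

Two results are the ones worth checking against an implementation you are auditing: the owner of a mode 0077 file is denied read although everyone else is granted it, and a member of a named group whose entry says rwx is still refused write once the mask says r--, without the check ever reaching the permissive "other" entry.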
An interesting innovation in ACLs has been hierarchical actors. For example, the VSTa OS used
decimal, dot-delimited actor identifiers. In this scheme, a userid is a series of decimal numbers
separated by dots (e.g., 1.85.23.323.888), and if a user possesses a userid that matches the
object's userid component by component up to the end of the user's id, then the user owns the object.
So, for example, a user possessing userid 1.85.23 would own any object assigned to 1.85.23.323.888,
whereas the object itself (whether another user or a program) would not be able to access other
objects owned by 1.85.23. This scheme allows for the dynamic creation of a hierarchy of users and
subusers. A weaker form of this, compatible with the vast body of POSIX software, can be had by
providing a mechanism for users of a UNIX-like system to create and control groups.
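The ownership test in this scheme is a prefix match over id components, and the one thing an implementation has to get right is that the match is on whole components rather than on the character string. The following is an added example, a toy reconstruction of the rule as the text states it; it is not VSTa's code, the function names are this example's own, and the ids are constructed.

```python
"""Added example (not from the page): a toy reconstruction of ownership under
dot-delimited hierarchical actor ids, as the text describes for VSTa.  It is
not VSTa's code, and the ids used are constructed.
"""


def components(actor_id: str) -> tuple:
    """'1.85.23' -> (1, 85, 23); anything but dotted decimals is rejected."""
    parts = actor_id.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed id: {actor_id!r}")
    return tuple(int(p) for p in parts)


def owns(actor_id: str, object_id: str) -> bool:
    """True if actor_id is a component-wise prefix of object_id.

    Comparing whole components matters: a plain string-prefix test would
    let 1.8 own everything under 1.85, which the scheme does not intend.
    """
    actor, obj = components(actor_id), components(object_id)
    return obj[:len(actor)] == actor


def may_mint(parent_id: str, child_id: str) -> bool:
    """A user may create ids only strictly below its own, which is what lets
    the hierarchy grow without an administrator handing out identifiers.
    """
    return owns(parent_id, child_id) and \
        len(components(child_id)) > len(components(parent_id))


def mint_subuser(parent_id: str, child_id: str) -> str:
    """Create a subuser id, refusing ids outside or equal to the parent's."""
    if not may_mint(parent_id, child_id):
        raise PermissionError(f"{parent_id} may not create {child_id}")
    return child_id


def demo() -> dict:
    """The relationships from the text, returned by name."""
    return {
        # the parent reaches the object assigned to its descendant ...
        "parent_owns_child": owns("1.85.23", "1.85.23.323.888"),
        # ... but the descendant does not reach the parent's objects
        "child_owns_parent": owns("1.85.23.323.888", "1.85.23"),
        # a sibling branch is unrelated
        "sibling_owns": owns("1.85.24", "1.85.23.323.888"),
        # string-prefix trap: 1.8 is not an ancestor of 1.85.23
        "short_prefix_owns": owns("1.8", "1.85.23"),
        "self_owns": owns("1.85.23", "1.85.23"),
        # 1.85.23 can mint 1.85.23.7 but not 1.85.24 and not itself
        "mint_below": may_mint("1.85.23", "1.85.23.7"),
        "mint_sibling": may_mint("1.85.23", "1.85.24"),
        "mint_self": may_mint("1.85.23", "1.85.23"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:20s} {ok}")
```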
An access control list (ACL) is a table that tells a computer operating system
which access rights each user has to a particular system object, such as a file
directory or individual file.
9.1.3 Capabilities
Capabilities are unforgeable references to objects that let their holder access a well-defined subset
of operations defined on that object.
288 LOVELY PROFESSIONAL UNIVERSITY