[rsbac] ACL changes proposition

Michal Purzynski albeiro at zeus.polsl.gliwice.pl
Wed Sep 1 21:23:15 CEST 2004


I would like to propose a small change in ACL.
For now, having a rule disallowing a user from accessing some object does not
mean that he will not be able to access it, because of inheritance rules.
Why not change ACL in such a way that if there is no access rule
for subject to object, inheritance will step in (like it is now <correct
me>), but in case we have this rule, inheritance would not be taken into
account?
So as an example:

User badcracker1 does not have any rules determining his access to file
topsecret1, so ACL calculates them from inheritance.


If we have a rule (dis)allowing access to topsecret file by user badhacker1,
this rule is the _one_ and the _only_ rule determining his access to that
object, without inheritance.

So generally the rule that is most tight gives the final answer about access.

It should be adopted to all of ACL subjects of course.

Second thing (I am not as convinced of it as I am of the previous idea):

If a subject has access to /dir/file, it is required for him to have
search (get_status_data also?) access to /dir.
This way it can not get information about /dir content, but one could
'poke' to guess what it contains.
Here my idea goes...

If a subject has access to /dir/file and not to /dir, it _can_ go through
/dir, but only to /dir/file and not anything else in this dir.

I hope it is all not complicated and that I made my mind clear; feel free
to ask.
Please comment on both ideas.
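
The two proposals above, sketched as a small model. This is an added example, not part of the original message and not RSBAC code; the ACL layout, the paths, the subject "alice", the right names and the default-deny fallback are all assumptions made for illustration.

```python
import posixpath

# Constructed sample ACL: {path: {subject: rights}}. An empty set is an
# explicit "no access" entry. Paths and right names are illustrative only.
ACL = {
    "/": {"badcracker1": {"SEARCH", "READ"}},
    "/secret/topsecret1": {"badcracker1": set()},  # explicit deny on the file
    "/vault": {"alice": set()},                    # no rights on the directory
    "/vault/report": {"alice": {"READ"}},          # but access to one file in it
}

def parents(path):
    """Yield each ancestor directory of path, nearest first, ending at '/'."""
    while path != "/":
        path = posixpath.dirname(path)
        yield path

def effective_rights(acl, subject, path):
    """Idea 1: an entry for the subject on the object is the only rule used;
    ancestors are consulted only when the object has no entry for the subject."""
    for node in (path, *parents(path)):
        entry = acl.get(node, {})
        if subject in entry:
            return set(entry[subject])
    return set()  # no entry anywhere: default deny (assumption of this model)

def may_open(acl, subject, path, right="READ", strict_parents=True):
    """strict_parents=True: SEARCH is required on every ancestor directory.
    strict_parents=False (idea 2): ancestors may be passed through on the way
    to a target the subject holds the right on, and to nothing else."""
    if right not in effective_rights(acl, subject, path):
        return False
    if not strict_parents:
        return True
    return all("SEARCH" in effective_rights(acl, subject, d) for d in parents(path))

if __name__ == "__main__":
    for subj, path in [("badcracker1", "/secret/topsecret1"),
                       ("badcracker1", "/secret/notes"),
                       ("alice", "/vault/report"),
                       ("alice", "/vault/other")]:
        print(subj, path,
              "strict:", may_open(ACL, subj, path),
              "idea2:", may_open(ACL, subj, path, strict_parents=False))
```

In this model the explicit empty entry on /secret/topsecret1 shadows the READ granted at /, and under idea 2 alice reaches /vault/report while every other name in /vault stays denied.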


