Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
Thread beginning with comment 351875
RE[2]: Comment by hraq
by Adam S on Thu 5th Mar 2009 20:40 UTC in reply to "RE: Comment by hraq"
Adam S Member since:
2005-04-01

I'm confused. The standard file permissions on UNIX (e.g. 755) are an ACL. Extended ACL bits, like the mask, are also available. Furthermore, SELinux gives you even more granular MAC (mandatory access control) policies.

So how can you say Linux/Unix doesn't have access control?

Reply Parent Score: 1

RE[3]: Comment by hraq
by Morph on Thu 5th Mar 2009 21:11 in reply to "RE[2]: Comment by hraq"
Morph Member since:
2007-08-20

Call unix's 9 rwxrwxrwx bits an `ACL' if you like, but it's a very short and limited one - compared to NT ACLs. In NT you can specify a permission like 'User Alice is allowed to append to this file, but not truncate it. Bob is allowed to create subfolders in this dir, but not new files.' Also permissions can be inherited from a folder to its subfolders & files. You can't do those things with old 9 bit unix permissions.

Linux & other OSs do have better ACLs *now*, but they didn't in 1990 when NT was developed. One might wonder how much they copied from NT's ACL design? ;)

Edited 2009-03-05 21:12 UTC

Reply Parent Score: 3

RE[4]: Comment by hraq
by jabbotts on Fri 6th Mar 2009 14:14 in reply to "RE[3]: Comment by hraq"
jabbotts Member since:
2007-09-06

man chattr

The letters 'acdijsuADST' select the new attributes for the files: append only (a), compressed (c), no dump (d), immutable (i), data journalling (j), secure deletion (s), no tail-merging (t), undeletable (u), no atime updates (A), synchronous directory updates (D), synchronous updates (S), and top of directory hierarchy (T).

"a".. append only

Granted, it's file attributes in addition to the security attributes attached to the file. It's not unique to Windows ACL though.

Reply Parent Score: 2

RE[4]: Comment by hraq
by Milo_Hoffman on Fri 6th Mar 2009 14:45 in reply to "RE[3]: Comment by hraq"
Milo_Hoffman Member since:
2005-07-06

>Also permissions can be inherited from a folder to its
>subfolders & files. You can't do those things with old
>9 bit unix permissions.

$ chmod g+s <topleveldir>

Reply Parent Score: 2
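
What a setgid directory passes on to entries created inside it, as an added example that is not part of any comment in the thread. It assumes Linux with GNU coreutils `stat`; the helper names and the throwaway `mktemp` directory are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU coreutils stat.
# All paths are constructed under a throwaway mktemp directory.

mode_of()  { stat -c '%a' "$1"; }   # octal mode, special bits included
group_of() { stat -c '%g' "$1"; }   # numeric owning group

setgid_demo() {
    top=$(mktemp -d) || return 1
    old_umask=$(umask)
    umask 027                        # new entries: dirs 750, files 640
    chmod 0770 "$top"

    # If the caller has a supplementary group, hand the directory to it so
    # that group inheritance is visible; otherwise the primary group is kept.
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ] && chgrp "$g" "$top" 2>/dev/null; then
            break
        fi
    done

    chmod g+s "$top"                 # the command posted in the thread
    mkdir "$top/sub"
    : > "$top/file"

    same=no
    if [ "$(group_of "$top/sub")" = "$(group_of "$top")" ] &&
       [ "$(group_of "$top/file")" = "$(group_of "$top")" ]; then
        same=yes
    fi
    # Report: modes of parent, new subdirectory, new file, and group match.
    echo "top=$(mode_of "$top") sub=$(mode_of "$top/sub")" \
         "file=$(mode_of "$top/file") group_inherited=$same"

    umask "$old_umask"
    rm -rf "$top"
}

setgid_demo
```

The owning group and, for subdirectories, the setgid bit propagate, while the rwx bits of `sub` and `file` come from the umask rather than from the parent's 770. Propagating permission entries themselves is what POSIX default ACLs (`setfacl -d`) are for.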