[Dshield] Flavors of Linux

Brian Dessent brian at dessent.net
Sun Oct 3 05:22:54 GMT 2004


jayjwa wrote:

> Files and directories have owners, groups, and permissions. There's such
> fine-grain control as searching directories, reading, writing, and
> executing for each of the three classes: owner, group, and everyone else.
> Beyond this, there are additional features, such as setting uid, guid,
> amd immutable flags. Last time I checked, Windows had little more than +a,
> +h, +s with  'attrib', from the days of DOS, and those aren't security
> properties at all. I've seen very few Windows systems run with other than
> Administrator access. Most users aren't even aware that muliple logins and
> users are possible. Even so, even this doesn't fully protect all the files
> it should. The FS is just one example.

Ummm, hell no.

Windows ACLs provide much finer grain control than posix-style
permissions.  The comparison isn't even close.  You obviously haven't
used Windows in a while if you think "H R S A" are the only attributes a
file can have.  (Hint: nobody uses FAT.)

<http://www.microsoft.com/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_acls_how.asp>
<http://www.microsoft.com/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_randp_how.asp>
<http://www.ss64.com/nt/xcalcs.html>
<http://setacl.sourceforge.net/html/examples.html>
<http://www.pcguide.com/ref/hdd/file/ntfs/sec.htm>

Brian



More information about the list mailing list