Translate

Translate to EnglishÜbersetzen Sie zum Deutsch/GermanΜεταφράστε στα ελληνικά/GreekПереведите к русскому/RussianOversetter til Norsk/NorwegianÖversätta till Svensk/Swedishहिन्दी अनुवाद करने के लिए/Hindi
Tradueix al català/CatalanTulkot uz latviešu/LatvianPreložiť do slovenčiny/SlovakVertaal aan het Nederlands/Dutchترجمة الى العربية/ArabicTraduzca al Español/SpanishTraduisez au Français/French
Traduca ad Italiano/ItalianTraduza ao Português/Portuguese日本語に翻訳しなさい /Japanese한국어에게 번역하십시오/Korean中文翻译/Chinese Simplified中文翻译/Chinese TraditionalПереклад на українську/Ukrainian
Image of Modern Operating Systems (3rd Edition)
Image of RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) (Certification Press)
Image of Beginning Google Maps API 3
Image of Linux Kernel Development (3rd Edition)

Linux Security Capabilities

In earlier times, the standard security model for GNU/Linux and Unix operating systems gave general users a minimal set of privileges, while granting full privileges to a single user account, i.e. root, that was used to administer the system and users, install software, mount and unmount filesystems, loading kernel modules, bind a process to a privileged port and run many services.

This dependence upon the root account to perform all actions requiring privilege was recognized to be somewhat dangerous in that it was all or nothing and not suited to compartmentalization of roles.  Furthermore, it increased the risk of vulnerabilities within a setuid application which may only require root privileges for a very small fraction of its activity such as opening a system file or binding to a privileged port.

This risk was well understood within the open systems community.  As a result, IEEE Std.1003.1e (aka POSIX.1e or POSIX.6) was a major effect started in 1995 to develop a standardized set of security interfaces for conforming systems which included access control lists (ACL), audit, separation of privilege (capabilities), mandatory access control (MAC) and information labels.

The work was terminated by IEEE’s RevCon in 1998 at draft 17 of the document due to lack of consensus (mostly because of conflicting existing practice.)  While the formal standards effort failed, since then much of the draft standard has made its way in the Linux kernel including capabilities which this post explores.

First, what do we mean by Linux capabilities?  It is basically an extended verion of the capabilities model described in the draft POSIX.1e standard.  Readers familiar with VMS or versions of Unix which include Trusted Computing Base (TCB) will recognize it as being somewhat analogous to as privileges.  These capabilities partition the set of root privlileges into a set of distinct logical privileges which may be granted or assigned to processes, users, filesystems and more.  As an aside, the term capability originated in a 1966 paper by Jack Dennis and Earl Van Horn (CACM vol 9, #3, pp 143-155, March 1966.)  Capabilities can be implemented in many ways including via hardware tags, cryptography, within a programming language (e.g.Java) or using protected address space.  For a introduction to capability-based mechanisms go here.  Linux uses protected address space and extended file attributes to implement capabilities.

A capability flag is an attribute of a capability.  There are three capability flags, named permitted (p), effective

May 28th, 2009 | Tags: , | Category: Fedora 11, Linux, linux capabilities, POSIX.1e | Comments are closed

Windows Parallel Filesystems

I recently was involved in some development work for a quasi-parallel filesystem for Microsoft Windows.  As a result of that involvement my interest was piqued and I decided to do so research on what the state of research and development is in the field of parallel filesystems designed specifically for Microsoft Windows.

First a quick review of what I mean by a parallel file system.  There are any number of different types of parallel file systems available.  Some allow multiple systems and applications to share common pools of storage as in a clusered filesystem.  Some split the data across two or more nodes to improve access time and redundancy.  Other variants split files into lots of small chunks, stores these chunks on different disks in a round-robin fashion, and re-combine them upon reading to get back the original file.

The earliest instance of Microsoft Windows-specific parallel fileystem that I have found to date is the parallel filesystem developed by the ARGOS group at Universidad Carlos 111 de Madrid, Madrid, ES.  This research group developed a prototype of a parallel file system for a network of Microsft Windows nodes which they called WinPFS.  They presented their work at COSET 2004 and a number of other workshops.  WinPFS was implemented as a new fileyystem type fully integrated within the Microsoft Windows kernel.  This has the advantage that no modification or recompilation of user applications is needed to take advantage of the parallel filesystem.

The goal of this research group was to build a parallel file system for networks of Microsoft Windows computers using Microsoft Windows shared folders to access remote data in parallel. The implementation is based on file system redirectors which redirect requests to remote nodes using UNC (Universal Naming Convention) and the SMB and/or CIFS protocols. WinPFS is registered as a virtual remote file system and access to remote data is through a new shared folder \\PFS.  The basic file operation primatives are: create, read, write, and create directory.

The prototype was developed on the Windows XP platform, and has been tested with a cluster of seven Windows XP nodes and a Windows 2003 Server node in various configurations.  Maximum throughput for write operations were 250 Mbit/s and 1200 Mbit/s for read operations.  The research team reported that the bottleneck for writes was the disks and for reads was the network.  As far as I can tell this

May 26th, 2009 | Tags: | Category: Windows parallel filesystem | Comments are closed

KSH93 Message Localization

ksh93 supports localization of internal error messages and getopts messages but localization of user messages in shell scripts is flawed. This post examines the issue and shows you how to easily support shell script message catalogs.

May 23rd, 2009 | Tags: , , , , | Category: ksh93 | Comments are closed

Charles Merton Richmond RIP

Yesterday my old friend and collegue Charles Merton Richmond (Charlie) died at home in Cebu PH of a massive heart attack. We go back a long time and worked on many projects together.

May 6th, 2009 | Category: Uncategorized | One comment - (Comments are closed)