sen-material: comparison handouts/ho04.tex

equal deleted inserted replaced

-:64e62d636737
+:fa151c0a3cf4
 \section*{Handout 4 (Access Control)}
 Access control is essentially about deciding whether to grant
 access to a resource or deny it. Sounds easy. No? Well it
 turns out that things are not as simple as they seem at first
-glance. Let us first look as a case-study at how access
+glance. Let us first look, as a case-study, at how access
 control is organised in Unix-like systems (Windows systems
 have similar access controls, although the details might be
 quite different).
 to make errors since the handling of elevating and dropping
 access rights in such programs rests entirely with the
 programmer.
 The fundamental idea behind the setuid attribute is that a
-file with this attribute will be able to run not with the
+file will be able to run not with the callers access rights,
-callers access rights, but with the rights of the owner of the
+but with the rights of the owner of the file. So
-file. So \pcode{/usr/bin/login} will always be running with
+\pcode{/usr/bin/login} will always be running with root access
-root access rights, no matter who invokes this program. The
+rights, no matter who invokes this program. The problem is
-problem is that this entails a rather complicated semantics of
+that this entails a rather complicated semantics of what the
-what the identity of a process (that runs the program) is. One
+identity of a process (that runs the program) is. One would
-would hope there is only one such ID, but in fact Unix
+hope there is only one such ID, but in fact Unix distinguishes
-distinguishes three(!):
+three(!):
 \begin{itemize}
 \item \emph{real identity}\\
 This is the ID of the user who creates
 the process; can only be changed to something else by root.

changeset 252	fa151c0a3cf4
parent 251	64e62d636737
child 257	9bc912fcedb6