Guidelines for writing trusted software

Installing trusted commands and data

As much care must be put into defining the privileges and access control settings appropriate for a command as goes into writing the command and designing its data. The discretionary access and privilege mechanisms serve no purpose if these controls are not set appropriately on the command and data files installed by a software package.

For example, simply assigning all fixed privileges to a command on installation effectively overrides all system controls for that command. A malicious user could exploit this to gain access to files and data that the command's designers never intended it to reach.

This section establishes principles upon which installation decisions can be made.



© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 27 April 2004