The one known as "Steven Edwards" hath scripted:
---------------------------------
The unix security design of users and groups with permissions is not bad, it's just outdated. The nice thing about Unix is adding new security modules via PAM is not too bad, except they are only for authentication. The unix concept of groups, users and permissions needs to be moved forward about 20 years. The SELinux stuff has really helped a lot in this regard. (Please don't flame, it's the truth)
-----------------------------------
Looking at security from Unix up to Windows through WINE, as opposed to looking down to UNIX from Windows through WINE, I have to disagree. The UNIX security system is not really "outdated", just "different". One of the reasons why it's still around after 20 years is because it works.
As I have never owned Windows after ME drug its carcass across the computing landscape, I don't really quite grok Windows security anyway. From futzing with an XP box at work, I don't see any real obvious way of locking down permissions on files and such. Right click/properties on a file gives me the same tired DOS flags that haven't changed since DOS 3.0. I don't see anything that's blocking me from deleting, say, advapi32.dll with extreme prejudice. If I went into my /lib dir and tried a rm -fr as a normal user, my system will kindly tell me to go away and play in my /home directory.
The question is quite interesting. How does one "translate" a security philosophy? Do we want to give WINE the ability to hijack wsock32.dll? (wsock32.dll.so) This is often done with ISP proprietary installers, *COUGH*-AOL-*COUGH*, and various spyware apps.
Has this been considered?