Why Does UNIX Need Protecting?
Many operating systems have built-in access control, using one technique or another. IBM z/OS, a well-established and mature mainframe operating system, includes the System Authorization Facility (SAF). SAF is a set of calls that the operating system issues to verify the authorization of a user.
cminder140
Many operating systems have built-in access control, using one technique or another. IBM z/OS, a well-established and mature mainframe operating system, includes the System Authorization Facility (SAF). SAF is a set of calls that the operating system issues to verify the authorization of a user.
Access control software in a z/OS environment sets a return code for the SAF call and z/OS grants or denies access according to the code. The decision of what return code to set is based on the access rules and policies defined in the security database by the security administrator.
Other operating systems, such as OS/2, provide similar techniques for access control. The OS/2 access control module, named Security Enabling Services (SES), is based on the same concept as z/OS SAF.
Unfortunately, UNIX-based operating systems were not designed this way. Authorization decisions are made mainly for file accesses. The operating system performs these decisions using the 9 bits (rwx-rwx-rwx) in the
inode
entry of the file. Unlike SAF, no exit point for event interception is provided. Therefore, further security is necessary to perform functions that are more complex than those functions of mainframe-type security packages.