[HN Gopher] No Love for Negative Permissions - DAC/ACL Bypass on...
       ___________________________________________________________________
        
       No Love for Negative Permissions - DAC/ACL Bypass on Linux
        
       Author : Deeg9rie9usi
       Score  : 27 points
       Date   : 2023-08-31 17:13 UTC (5 hours ago)
        
 (HTM) web link (blog.sigma-star.at)
 (TXT) w3m dump (blog.sigma-star.at)
        
       | gneray wrote:
       | "Negative permissions have consistently been regarded as bad
       | practice and often treated as theoretical concept...If you find
       | yourself reliant on them, consider one of the following actions:
       | Restructure your permissions into proper allow rules; this is the
       | most recommended approach."
       | 
       | This resonates. Negative permissions can be a real footgun, which
       | is why we are being very surgical on if/where to introduce them
       | at Oso[1]
       | 
       | [1] https://www.osohq.com/
        
         | NikkiA wrote:
         | They were even generally considered a bad idea back on VMS' ACL
         | system.
        
           | gdgghhhhh wrote:
           | Funny to see them used as example by a tutorial from Red hat:
           | 
           | https://www.redhat.com/sysadmin/linux-access-control-lists
        
             | [deleted]
        
       ___________________________________________________________________
       (page generated 2023-08-31 23:01 UTC)