Reply to post: Re: The real culprit

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

Anonymous Coward
Anonymous Coward

Re: The real culprit

It's a long time since I worked on VMS but as I recall a user had a set of current privileges and a set of allowed privileges. The current privileges we provided at logon (minimal) and the allowed privileges could be given (by the user) to execute higher level things. Only the admin had all privileges in their allowed list. Everything else was on a need basis, assigned by the admin. Moreover, the admin could install a program with a particular privilege set, so that an unprivileged user could do something at a higher privilege, but only in the context of that running program. I thought this was a very smart way of handling privilege escalation, and better than anything I've seen since. But then VMS was better than anything I've seen since in so many ways.....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019