next up previous
Next: Bell LaPadula Model Up: Protection Previous: Multics Rings


Unix provides a simplified version of the Multics access control mechanism to change the access rights of a process dynamically. A process can switch between user and kernel mode. Moreover, in user mode, a process executing with the access rights of one user, when it executes a file owned by another user gets the access rights of the second user if a bit (called SETUID) in the object file is on. This feature supports rights amplification and easily handles the mail example. The mail program is owned by root and has its SETUID bit on. When the command interpreter subprocess forked to process the `mail command' executes the mail program it acquires the access rights of root and can create/modify a file (owned by the receiver) in the directory `/usr/spool/mail'.

Prasun Dewan
Mon Nov 4 12:08:34 EST 1996