% Source: products/Sources/formale Sprachen/Isabelle/HOL/UNITY/root.tex (proof system Isabelle, version 2025-1); file dated 16.11.2025, size 2 kB

\documentclass[11pt,a4paper]{article}
\usepackage[T1]{fontenc}
\usepackage{isabelle,isabellesym,pdfsetup}

%for best-style documents ...
\urlstyle{rm}

\renewcommand{\isamarkupcmt}[1]{{\isastylecmt---~~#1}}

\newcommand{\secref}[1]{\S\ref{#1}}


\begin{document}

\title{Some aspects of Unix file-system security}
\author{Markus Wenzel \\ TU M\"unchen}
\maketitle

\begin{abstract}
  Unix is a simple but powerful system where everything is either a process or
  a file.  Access to system resources works mainly via the file-system,
  including special files and devices.  Most Unix security issues are
  reflected directly within the file-system.  We give a mathematical model of
  the main aspects of the Unix file-system including its security model, but
  ignoring processes.  Within this formal model we discuss some aspects of
  Unix security, including a few odd effects caused by the general
  ``worse-is-better'' approach followed in Unix.
  
  Our formal specifications will be given in simply-typed classical
  set-theory as provided by Isabelle/HOL.  Formal proofs are expressed in a
  human-readable fashion using Isabelle/Isar, which is a system intended to
  support semi-automated reasoning over a wide range of application domains.
  The present development also demonstrates that Isabelle/Isar is
  sufficiently flexible to cover typical abstract verification tasks.  So far
  this has been the classical domain of interactive theorem proving systems
  based on unstructured tactic languages.
\end{abstract}

\tableofcontents
\newpage

\parindent 0pt\parskip 0.5ex


\section{Introduction}\label{sec:unix-intro}

\subsection{The Unix philosophy}

Over the last 2 or 3 decades the Unix community has collected
folklore wisdom on building systems that actually work, see
\cite{Unix-heritage} for further historical background information.  Here is a
recent account of the philosophical principles behind the Unix way of software
and systems engineering.\footnote{Posted on 25-March-2000, see
  \url{http://slashdot.com}.}

{\small
\begin{verbatim}
The
by yebb on Saturday March 25
(User Info) 

The philosophy is
development and has
from the UNIX community
enforced upon it. It is a defacto-style of software development.
tenets of the UNIX Philosophy are:

  1. small is beautiful 
  2. make each program do one thing well 
  3. build a prototype as soon as possible 
  4. choose portability over efficiency 
  5. store numerical data in flat files 
  6. use software leverage to your advantage 
  7. use shell scripts to increase leverage and portability 
  8. avoid captive user interfaces 
  9. make every program a filter 

The Ten Lesser Tenets 

  1. allow the user to tailor the environment 
  2. make operating system kernels small and lightweight 
  3. use lower case and keep it short 
  6. think parallel 
  8. look for the ninety percent solution 
 10. think hierarchically 
\end{verbatim}
}

The ``worse-is-better'' approach basically means that \emph{relevant}
concepts are implemented in the right way, while \emph{irrelevant} issues are
simply ignored in order to avoid complicating the design and implementation.
Certainly, the overall quality of the resulting system heavily depends on the
distinction between the two categories of ``relevant'' and ``irrelevant''.



The main entities of a Unix system are \emph{files} and \emph{processes}
\cite{Tanenbaum:1992}.  Files subsume any ``static'' entity managed by
the system, ranging from plain files and directories to more special
ones such as device nodes, pipes etc.  On the other hand, processes are
``dynamic'' entities that perform certain operations while being run by
the system.

The security model of classic Unix systems is centered around the file system.
The operations permitted to a process are determined from information stored
within the file system.  This includes any kind of access control, such as
read/write access to some plain file, or read-only access to a global device
node etc.  Thus proper arrangement of the main Unix file-system is very
critical for overall security.\footnote{Incidentally, this is why the
  operation of mounting new file systems is usually restricted to the
  super-user.}

The original designers did not have maximum security in mind, but wanted to
get a decent system working for multi-user environments.  Contemporary
Unix implementations still follow the security model of the original
versions from the early 1970's \cite{Unix-heritage}.  Even back then there
would have been better approaches available, albeit with more complexity
involved both for implementers and users.

On the other hand, even in the 2000's many computer systems are run with
little or no file-system security at all, even though virtually any system is
exposed to the net in one way or the other.  Even ``personal'' computer
systems have long entered the wilderness of the open net sphere.

\medskip This is a typical example of the ``worse-is-better'' approach
introduced above.  The security model of Unix got widely accepted within a
large community, while more innovative (and cumbersome) ones are used only
reluctantly, in order to avoid confusion of beginners.


\subsection{Odd effects}

Simplistic systems usually work very well in typical situations, but tend to
exhibit some odd features in non-typical ones.  As far as Unix file-system
security is concerned, there are features that may surprise users.

Subsequently, we consider an example that is not so exotic after all.  As may
be easily experienced on a Unix system, the following sequence of commands
may put a user's file-system into an odd state.  We assume
that \texttt{user1} and \texttt{user2} are working within the same directory.

{\small
\begin{verbatim}
  user1> umask 000; mkdir foo; umask 022
  user2> mkdir foo/bar
  user2> touch foo/bar/baz
\end{verbatim}
}
  
That is, \texttt{user1} creates a directory that is writable for everyone, and
\texttt{user2} puts there a non-empty directory without write-access for
others.

In this situation it has become impossible for \texttt{user1} to remove his
very own directory \texttt{foo} without the cooperation of
\texttt{user2}, since \texttt{foo} contains another non-empty and non-writable
directory, which cannot be removed.

{\small
\begin{verbatim}
  user1> rmdir foo
  rmdir: directory "foo": Directory not empty
  user1> rmdir foo/bar
  rmdir: directory "bar": Directory not empty
  user1> rm foo/bar/baz
  rm not removed: Permission denied
\end{verbatim}
}

Only after \texttt{user2} has cleaned up his directory \texttt{bar}, is
\texttt{user1} enabled to remove both \texttt{foo/bar} and \texttt{foo}.
Alternatively \texttt{user2} could remove \texttt{foo/bar} as well.  In the
unfortunate case that \texttt{user2} does not cooperate or is presently
unavailable, \texttt{user1} would have to find the super user (\texttt{root})
to clean up the situation.  In Unix \texttt{root} may perform any file-system
operation without any access control limitations.\footnote{This is the typical
  Unix way of handling abnormal situations: while it is easy to run into odd
  cases due to simplistic policies, it is as well quite easy to get out again.
  There are other well-known systems that make it somewhat harder to get out
  of a fix.}

Is there really no other way out for \texttt{user1} in the above
situation?  Experiments can only show possible ways, but never demonstrate the
absence of other means exhaustively.  This is a typical situation where
(formal) proof may help.  Subsequently, we model the main aspects of Unix
file-system security within Isabelle/HOL \cite{Nipkow-et-al:2000:HOL} and
prove that there is indeed no way for \texttt{user1} to get rid of his
directory \texttt{foo} without help by others (see
\secref{sec:unix-main-result} for the main theorem stating this).
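
The \texttt{foo}/\texttt{bar}/\texttt{baz} situation can also be explored by exhaustive search in a small finite model. The following Python code is an added example, not part of the original paper or its Isabelle/HOL theory; the names \texttt{START}, \texttt{moves}, \texttt{can\_remove} and \texttt{after\_cleanup}, and the permission model (owner and other write bits only, operations limited to \texttt{unlink}, \texttt{rmdir} and \texttt{chmod}), are assumptions of the example.

```python
from collections import deque

# Constructed state after the three commands: path -> (kind, owner, mode).
# "" is the shared working directory, assumed to be owned by user1.
START = {
    "": ("dir", "user1", 0o755),
    "foo": ("dir", "user1", 0o777),
    "foo/bar": ("dir", "user2", 0o755),
    "foo/bar/baz": ("file", "user2", 0o644),
}

def parent(path):
    return path.rpartition("/")[0]

def can_write(fs, user, path):
    """Owner/other write bits only (no groups, no x bit); root bypasses checks."""
    _, owner, mode = fs[path]
    return user == "root" or bool(mode & (0o200 if user == owner else 0o002))

def moves(fs, user):
    """Every state reachable by one unlink, rmdir or chmod issued by `user`."""
    for path, (kind, owner, mode) in fs.items():
        if path and can_write(fs, user, parent(path)):
            empty = not any(p and parent(p) == path for p in fs)
            if kind == "file" or empty:              # unlink / rmdir
                yield {p: v for p, v in fs.items() if p != path}
        if user in (owner, "root"):                  # chmod: owner or root
            for new in (0o755, 0o777):
                if new != mode:
                    yield {**fs, path: (kind, owner, new)}

def can_remove(fs, user, target):
    """Breadth-first search over all command sequences by `user` alone."""
    seen, todo = set(), deque([fs])
    while todo:
        state = todo.popleft()
        key = frozenset(state.items())
        if key in seen:
            continue
        seen.add(key)
        if target not in state:
            return True
        todo.extend(moves(state, user))
    return False

def after_cleanup(fs):
    """The state once user2 has removed baz from his own directory bar."""
    return {p: v for p, v in fs.items() if p != "foo/bar/baz"}
```

Such a search covers only the finite set of operations modelled here; the formal proof is what establishes the result for the full transition system.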

\medskip The formal techniques employed in this development are the typical
ones for abstract ``verification'' tasks, namely induction and case analysis
over the structure of file-systems and system transitions.
Isabelle/HOL \cite{Nipkow-et-al:2000:HOL} is particularly well-suited for this
kind of application.  By the present development we also demonstrate that the
Isabelle/Isar environment \cite{Wenzel} for readable formal proofs is
sufficiently flexible to cover verification tasks as well.  So far this has
been the domain of ``interactive'' theorem proving systems based on
unstructured tactic languages.


\input{Unix}

\bibliographystyle{abbrv}
\bibliography{root}

\end{document}
