Originally Posted by kolla
No, was aimed at daxb. And yes, it does.
I would rathet have you explain how it is not relevant - the model of having many "users" and "groups" to create layers of access to gain security in operating systems is way old now and used in just about all OSes. Software that is exposed to Internet and has a port it listens to, should run in its own "user space" with limited access to the rest of the system. This is what all system users and groups are for on *ix and WinNT - in case there is a way to exploit the software from remote, damage is limited by the software not having wide access, some sort of local superuser exploit is also needed for that. Likewise, the person operating the system should protect him/her self from having the system compromized, by not giving super user access to mundane applications that have no use for that kind of access.
User space/kernel space is one kind of division. Allowing different processes (Unix term) accessing different things is another.
But you seem to think this kind of division have anything to do with multi-user support. Multi-user support in it self is the support of several users, not anything to do with either protection _or_ security.
Do you agree with that? Otherwise this discussion can't lead anywhere.
Do you know other models for implementing general security in Operating Systems? If so, I am very intested.
I do, yes. Among those are capabilities.