Mis-set protections on files, directories, systems, or
components are exploited to examine, modify, delete, or otherwise disrupt
normal operation.
Complexity: Setting protections properly is not a trivial
matter, but there are linear time algorithms for automating settings once
there is a decision procedure in place to determine what values to set
protection to. No substantial mathematical analysis has been published in
this area and no results have been published for the complexity of building
a decision procedure, however it is known that, under some conditions, it is
impossible to have settings that both provide all appropriate access and
deny all inappropriate access.
[Cohen91] It is known to be undecidable
for a general purpose subject/object system whether a given subject will
eventually gain any particular right over any particular object.
[Harrison76]
fc@red.a.net