The P1003.6 Working Group is currently resolving ballot objections to an IEEE ballot for the POSIX.6 interface and utility standards. The ballot ended February, 1993. After making adjustments to the POSIX.6 standards based on the ballot objections, the standards are projected to be re-balloted in the 1993 summer-fall timeframe.
A few prominent issues have surfaced as a result of the recent ballot. One issue is the inclusion of the set of specific privileges defined in the standard. Some who balloted feel that the privileges specified are not granular enough, and some feel that they are too granular. Some who balloted also feel that there is not enough flexibility for those who may not want to require all the specified privileges in their privilege policies.
Another issue is the inclusion of a masking feature that is used with ACLs. When an application needs to temporarily lock a file, the application can make a call to chmod() with the permissions set to 0,0,0 (meaning no one has access). Many existing applications use this type of file locking. When the lock is no longer required, the permissions are set back to their original state. The mask feature allows the chmod() call with permissions set to 0,0,0 to work with an ACL. This provides both portability and backward compatibility to some extent. However this feature also creates more complexity in the access check algorithm, updating ACLs, and other functions. Currently, this feature is not defined by POSIX.6.
The last issue discussed here concerns the use of multi-level directories. A multi-level directory is one in which files of different label levels exist. The /tmp directory is an example of a possible multi-level directory. Interfaces were specified by POSIX.6 for reading and writing multi-level directories, but have since been removed. Currently, multi-level directories are not part of the POSIX.6 standard. These issues will have to be resolved in order for the standard to become stable.
In 1991, the Distributed Security Study Group was formed to study and determine future areas of security that need to be addressed in a POSIX environment. The group focused on distributed environments, an area that was specifically excluded from the original POSIX.6 work. A framework document was produced that examines existing POSIX efforts and how these efforts relate to each other, and also proposes areas of future standardization efforts. As a result of this framework document, the P1003.6 Working Group is currently turning their attentions to the following proposed areas: