Archive for 四月, 2006


【2006.04.26工商時報】林淑惠/台北報導

四月初,許勝雄親自跑了一趟震旦大樓,在那裡,陳永泰跟許勝雄,這一對廿多年的老朋友,閒聊幾句,就敲定了這宗入股案。

對許勝雄來說,陳永泰是「廿多年的患難之友」,他以「牢不可破的患難真情」形容倆人的私交篤厚。

其實,中華電信在農曆年後閃電宣佈神腦及聯強成為今年的年度手機採購代理商之後,也宣佈了震旦的發展空間、將越走越小。原本還是中華電信三家代理商之一的震旦通訊處境,頓時陷入窘境。不僅僅來自中華電一年廿多億元、占震旦通訊年度營收近三分之一的挹注瞬間轉空,已進駐中華電信各營業處所的一百零七位駐點人員,去年底才剛簽滿一年合約,震旦立即要面臨不知如何處置的為難。

而此時,許勝雄入股震旦,算是為震旦在逆境中開出了一條生機。

讓許勝雄「輕快」決定入股震旦,除了發展3G服務考量,其實,在他內心、深藏了廿多年對陳永泰的感恩。

廿年前,一把火,燒光了仁寶廠房,就在許勝雄正不知如何籌錢善後時,陳永泰打了一通電話,表明要把七千萬元放在許勝雄的戶頭上,好讓往來銀行「吃定心丸」。雖然,這筆錢因為許勝雄父親許潮英協助增資度過難關、而始終未曾存入許勝雄的戶頭,不過,也因為這把火,燒出了倆人的「革命情感」。

金仁寶發展計算機之初,許勝雄還曾帶著當時還在金寶公司擔任總經理的溫世仁、時任總工程師的現任廣達集團董事長林百里到震旦位在高雄的真益公司觀摩技術。等到金仁寶在全球計算機市場占有一席之地,陳永泰則帶著一批震旦幹部到金仁寶「就教」。

要說雙方唯一的業務來往,只有在震旦代理日本夏普IC及LCD零組件時,金仁寶曾經採購過,若說資金上的合作,這次(威寶入股震旦 )還是第一遭。雖然,雙方的合作是「意在言中」,不過,了解內情的人都知道,許勝雄懷抱著感恩的心情,正是背後促成這樁合作案最大的功臣。

廣告

What Is A Permission, by Keith Brown

http://www.pluralsight.com/wiki/default.aspx/Keith.GuideBook.WhatIsAPermission

Throughout my discussions of access control and ACLs in this book, I will often talk about permissions as numbers. For example, I might talk about 0x1FF as being a set of permissions, or granting “permission 1 and 2″ to someone. What I’m doing is being very generic and using literal access masks or numbered permissions. I’m not specifying just what types of objects I’m talking about; I’m just talking about how access control works for all different types of objects.

So let’s make this concrete and look at some examples of permissions for some specific types of objects in Windows. Let’s start with, oh, a registry key. Peeking at a Win32 header file called winnt.h shows us the following1:

 // excerpt from winnt.h
#define KEY_QUERY_VALUE (0x00000001)
#define KEY_SET_VALUE (0x00000002)
#define KEY_CREATE_SUB_KEY (0x00000004)
#define KEY_ENUMERATE_SUB_KEYS (0x00000008)
#define KEY_NOTIFY (0x00000010)
#define KEY_CREATE_LINK (0x00000020)

Let’s also look at the permission definitions for a thread:

 // excerpt from winnt.h
#define THREAD_TERMINATE (0x00000001)
#define THREAD_SUSPEND_RESUME (0x00000002)
#define THREAD_GET_CONTEXT (0x00000008)
#define THREAD_SET_CONTEXT (0x00000010)
#define THREAD_SET_INFORMATION (0x00000020)
#define THREAD_QUERY_INFORMATION (0x00000040)
#define THREAD_SET_THREAD_TOKEN (0x00000080)
#define THREAD_IMPERSONATE (0x00000100)
#define THREAD_DIRECT_IMPERSONATION (0x00000200)

If you wanted to grant Alice permission to create a new registry key under some existing key, you’d edit the existing key’s DACL and add an ACE ( What Is An Access Control List ) that grants Alice the KEY_CREATE_SUB_KEY permission. Pretty simple. But look at those permissions again and tell me how you’d grant Alice the permission to delete the key she just created!

That’s right, the registry subsystem doesn’t bother defining a permission for deleting a key. That’s because it’s such a common permission (most secure objects can be deleted) that it’s included as part of a standard set of permissions that are common across all types of objects. Here are the standard permissions that are allowed to be put in an ACL:

 // excerpt from winnt.h
#define DELETE (0x00010000L)
#define READ_CONTROL (0x00020000L)
#define WRITE_DAC (0x00040000L)
#define WRITE_OWNER (0x00080000L)
#define SYNCHRONIZE (0x00100000L)

Compare the numerical layout of the standard permissions to the specific permissions defined for registry keys. Note how the standard permissions all fall in the upper word of the 32 bit mask, while the specific permissions are defined in the lower word. Notice the same technique is used for the thread permissions. You see, each class of object is allowed to define up to 16 specific permissions, and they must all be in that lower word, so they don’t conflict with permissions Microsoft has already defined for all objects, such as the standard permissions shown above.

The standard permissions are really quite straightforward. Let me briefly explain what they mean. READ_CONTROL (“Read Permissions") controls whether you can read the owner and DACL in the object’s security descriptor. If you don’t have this permission, you’re not even allowed to see what permissions you do have! WRITE_DAC (“Write Permissions") and WRITE_OWNER (“Take Ownership") say whether you’re allowed to change the object’s DACL or take ownership of the object by changing the owner SID to be your own SID (for more detail, see What Is Ownership ). SYNCHRONIZE says whether you can wait on an object (this is most often used with synchronization objects such as a mutex or semaphore). By limiting SYNCHRONIZE access, you can prevent an untrusted user from grabbing a mutex that your program depends on and deadlocking you. And DELETE is pretty obvious.

Let’s say you want to grant Alice permission to read a registry key. It’d make sense to grant her a combination of the following:

  • KEY_QUERY_VALUE
  • KEY_ENUMERATE_SUB_KEYS
  • KEY_NOTIFY
  • READ_CONTROL

If you binary OR these values together, you’ll end up with 0x00020019. This would be the access mask you’d put into the ACE ( What Is An Access Control List ) to grant Alice read access to the key. For an example of code that modifies an ACL programmatically, check out How To Program ACLs .

Look at the following access mask and try to figure out what it means: 0x00130000. The answer is in the following footnote2. Now try to decode this one: 0x00000001. Surely this one is easier! Oh wait, I didn’t tell you what type of object we’re talking about. I mean, if it were a registry key, this would be KEY_QUERY_VALUE -a fairly benign permission to grant, at least compared to THREAD_TERMINATE! You see, given a random permission mask, you really can’t tell what it means unless you know the type of object to which it applies, unless it simply consists of standard permissions, which are defined centrally for all objects.

With this in mind, think about a permission mask that would be generic enough to grant read permission to any type of object in the system, including registry keys and threads. For a registry key, we’d want 0x00020019, as we calculated earlier for Alice. But for a thread, it’d be 0x00020048. That’s a very different mask. As you can see, because no two types of objects can be expected to have the same sorts of permissions, at first glance it’d be impossible to treat objects polymorphically with respect to permissions. But if you look a bit further into winnt.h, you’ll find the following rather interesting definitions:

 // excerpt from winnt.h
#define GENERIC_READ (0x80000000L)
#define GENERIC_WRITE (0x40000000L)
#define GENERIC_EXECUTE (0x20000000L)
#define GENERIC_ALL (0x10000000L)

What do you think would happen if you added an ACE to a registry key’s DACL that granted Alice GENERIC_READ? Think about it for a moment. If you guessed that the system would convert the access mask from 0x80000000 to 0x00020019 before storing the new DACL in the metadata for the registry key, then you’d be correct. You see, each class of object in Windows defines a mapping from these four generic permissions onto standard and specific permissions. This allows us to make statements like, “By default, I’d like to grant full control to SYSTEM and myself for any object I create. Oh and I’d also like Alice to have read access as well." Here’s a text representation of just such a DACL:

 grant SYSTEM 0x10000000
grant Keith 0x10000000
grant Alice 0x80000000

It turns out that Windows makes a statement like this for every process! You see, inside the token ( What Is A Token ) is a default owner and DACL that are used whenever you create new objects3. For example, if you were to create a thread, how would the system know what the DACL for that thread should look like? Well, it looks at this default DACL that’s tucked away inside your token.

Here’s what a default DACL would look like for me on my laptop4:

 grant SYSTEM 0x10000000
grant Keith 0x10000000

So by default, any new threads that I create, or semaphores, shared memory sections and so on, start life with DACLs that specifically grant my account and SYSTEM full control. Nobody else will be able to touch the objects I create, barring specially privileged users such as administrators ( What Is A Privilege ). Note that hierarchical systems like the file system and registry instead use ACL inheritance to come up with a default DACL; this ensures that permissions remain consistent through the branches of the hierarchy. See What Is ACL Inheritance for the details.

The default DACL is one of the few mutable bits of data in a token. In most cases you shouldn’t ever need to change this DACL, as it’s already about as tightly secured as it can be. If you ever find the need to adjust it, you’ll want to look at the Win32 function SetTokenInformation.

  1. I’ve omitted three permissions that are specific to 64-bit Windows for brevity.
  2. DELETE, READ_CONTROL, and SYNCHRONIZE.
  3. By “objects" I mean any object that has a security descriptor ( What Is A Security Descriptor ), such as a process, thread, mutex, etc.
  4. If you want to do this experiment, you should download the Token Dump component from my website. I don’t know of any built-in tool that shows this information.

2004年美國最熱門的真人實境秀『誰是接班人』,是由經歷金融風暴又鹹魚翻身的美國富豪唐納川普所一手策劃的全新節目。在節目中,川普找來十六位參賽者,每週進行比賽。題目由全美五百大企業提供,包括從路邊賣檸檬汁到廣告企劃,非常多元。

比賽的方式十分簡單,十六位參賽者分成兩組,每星期要想辦法解決川普所出的難題,輸的一方要淘汰一名組員。最後勝利者,可以獲得任職於川普旗下公司的機會,而且年薪高達六位數美金。

繼第一季創造了"You’re fired."的名言之後,川普在第二季請出財富雜誌前五百大企業,給予參賽者比第一季更嚴酷、更高難度的行銷挑戰,包括為年營業額上千億的電子公司上電視現場推銷產品、幫知名牙膏大廠在一周內開發出新口味、建立行銷通路等,更多想像不到的商場致勝秘訣從第二季一一登場。這次總計十八人參賽,有長春藤名校的高材生,也有連高中都沒畢業的小老闆。他們每星期想辦法解決川普所出的難題,輸的一方要淘汰一名組員。最後勝利者,同樣可以獲得負責川普旗下公司的機會,年薪高達六位數美金。這些參賽者再度引爆精采的職場爭鬥戰!

Apprentice Theme: “for the love of money"-The O’Jays

The Apprentice Rules: http://www.theapprenticerules.com/

The Apprentice Blog: http://www.theapprenticeblog.com/

Official site for season 2: http://www.nbc.com/nbc/The_Apprentice_2

Official site for season 3: http://www.nbc.com/nbc/The_Apprentice_3

Official site for season 4: http://www.nbc.com/The_Apprentice_4