The physical realization of abnormal sets

Discussion in 'Physics' started by BillO, Feb 4, 2010.

  1. BillO

    Thread Starter Well-Known Member

    Nov 24, 2008
    985
    136
    This last Tuesday in a country that shall remain unnamed the revenue arm of the federal government brought down their own public website.

    A systems security administrator wanted to create an all-encompassing group to which some important people could be assigned to allow any previously defined access to the website. To do this in a fool proof and rapid manner, he thought he would make the new group of access rights such that it contained all the other existing groups. He made bit of an error in process by creating the group first, then populating it by running a query on the system to select all existing groups. He then assigned this group of rights to the target users and told them to have at it. Problem is, when he ran his query the new group already existed.

    Well, the first time one of these users tried to log in, the security software opened the associated rights group and tried to assess the rights that should be granted to the user. What happened next was that the software consumed memory without bound trying to read all the elements in this abnormal set of rights until it exceeded the operating system limit and was summarily tossed out, resulting in the website being inaccessible to everyone.

    Now we have experimental, albeit unintentional, proof of the abnormality of abnormal sets. It made my day!
     
  2. studiot

    AAC Fanatic!

    Nov 9, 2007
    5,005
    513
    What is Russell's paradox doing in the Physics section?
    And aren't you mixing up groups of users and groups of rights?
     
  3. BillO

    Thread Starter Well-Known Member

    Nov 24, 2008
    985
    136
    A1: This is a physical manifestation and a physical response. Move it, or remove it, if it pleases you.

    A2: No, the group of rights are assigned to the group of users.
     
  4. studiot

    AAC Fanatic!

    Nov 9, 2007
    5,005
    513
    I still think it's muddled.

    As I understand it the above says (Let us say there are two existing groups of rights)

    Choose group1 containing {A,B,C} and group2 containing {D,E,F}
    and form a supergroup {A,B,C,D,E,F}.

    Now since none edit allof A,B,C,D,E,F are properties (rights) not groups Russell's paradox is not invoked, neither group1 nor group2 nor the supergroup contain themselves.

    So there must have been some other problem with the system.
     
    Last edited: Feb 7, 2010
  5. BillO

    Thread Starter Well-Known Member

    Nov 24, 2008
    985
    136
    That would be one acceptable way to create the proper group.

    However, what he did was more like the following.

    Let's say there were two existing non-empty rights groups at the start. G1 and G2.

    He creates another group G3 which is initially empty.

    He then runs a query on the system to provide a list of existing groups which returns G1, G2, G3.

    He populates G3 with that list such that G3={G1, G2, G3}.

    Why would he do it this way? The software in question has very sophisitcated capabilities. Rights can be defined from primitives and can resemble complex functions. These rights are assembled in groups that can be constructed to control access to applications in any way imaginable. As a simple example, a group could be created to grant specific access to a particular application like this:

    Gi={
    App Server=app1.suborg_x.org.com
    Application=accounts receivable
    Function=report generator
    Access=read only
    DD Server=db2.suborg_y.org.com
    Datasource=prerep
    Access=read only
    Firewall=internal1.suborg_z.org.com
    Protocol=https, http
    Port=80
    Time of day=08:00-18:00
    }

    Which allows internal users access to read specific reports in a specific application during a specific time frame using a browser.

    Now, consider that external access may need to be granted to some users so that they can read the same reports while on the road. So you create:

    Gj={
    App Server=app1.suborg_x.org.com
    Application=accounts receivable
    Function=report generator
    Access=read only
    DD Server=db2.suborg_y.org.com
    Datasource=prerep
    Access=read only
    Firewall=xternal1.suborg_z.org.com
    Protocol=https
    Port=80
    Time of day=08:00-18:00
    }

    So users only requiring internal access can be granted Gi, and users only requiring external access can be granted Gj. Now, if some users require both internal and external access, you could create third group like the above, or you could simply create it:

    Gk={
    Gi
    Gj
    }

    In this highly simplified example there seems little point to allowing groups to contain groups. More typically, an organization like the one in question has literally hundreds of applications with dozens of functions, accessible in dozens of modes by hundreds of user groupings. They have more than 7,000 rights groups currently defined. So to simplify administration groups can be nested to any degree.
     
  6. studiot

    AAC Fanatic!

    Nov 9, 2007
    5,005
    513
    Sorry please note my correction edit. It make my post make sense.

    This does not affect the observation that the members of the groups are not groups.

    I am taking a group to be another word for set in this context.

    Russell's paradox involves two sets

    The set of all normal sets
    and
    The set of all abnormal sets

    And the question are these normal or abnormal?
     
  7. BillO

    Thread Starter Well-Known Member

    Nov 24, 2008
    985
    136
    Yes, that's what Russell's Paradox is about, and yes, these are more properly sets and not groups. They are called 'groups' in the software, hence my use of the term.

    However, I did not bring up Russell, you did. I was just relating a physical system's response to being asked to deal with an Edit: abnormal set.
     
    Last edited: Feb 8, 2010
  8. BillO

    Thread Starter Well-Known Member

    Nov 24, 2008
    985
    136
    Possibly.

    He created his new set first, so it existed when he did the query to find all existing sets. Hence, it included itself once it was populated.
     
  9. studiot

    AAC Fanatic!

    Nov 9, 2007
    5,005
    513

    I took this in your first post as a reference to Russell's paradox. My apologies if you meant abnormal in a more general sense. Russell did also use the term non-normal.
     
  10. BillO

    Thread Starter Well-Known Member

    Nov 24, 2008
    985
    136
    It only takes one particular abnormal set to lead to Russell's paradox.

    I guess I do mean abnormal in the same sense as Russell. He meant it was any set that included itself. Same here, but I was not thinking of him when I made the OP.
     
Loading...