[Python-Dev] Re: rexec.py unuseable
Jp Calderone exarkun at intarweb.us
Wed Dec 17 14:17:52 EST 2003
- Previous message: [Python-Dev] Re: rexec.py unuseable
- Next message: Access Control (was Re: [Python-Dev] rexec.py unuseable)
On Wed, Dec 17, 2003 at 07:06:52PM +0000, Luke Kenneth Casson Leighton wrote:
[snip]
> i believe that it is possible to express what nick coghlan defines
> capabilities to be into an ACL.
>
> how?
>
> by creating a security permission called "can you see it and execute it?"
>
> let's call it SEEANDEXECUTE
>
> then, the language (interpreter) does this (following the example
> of the SamrCreateUser function, above):
>
> MakeFunctionCall(Context *stack, CodeObject *code)
> {
>     char *calleefnname = GetCalleeName(stack);
>     SECDES *sd = GetSecurityDescriptorForCode(code);
>
>     /* check the capability to even see this function! */
>     if (!checksecdes(sd, calleefnname, SEEANDEXECUTE))
>     {
>         return Exception("Function name %s does not exist", code->functionname);
>     }
>
>     /* okay, they can see it [and execute it] */
>     ....
>     ....
> }
>
> does that make sense at all?
What appears to be missing here is the ability for a piece of code to take the existing permissions which it does possess and create new permissions within them.
With the system you propose, if a function `foo' has permission to call
function `bar', how does foo delegate that permission to `foobar'? If it
cannot, then it becomes very difficult to write well factored code which can
also exist within the security framework.
Jp
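Added example, not part of the original message or of any Python-Dev code: a Python sketch of the delegation question raised in the reply, contrasting a name-keyed ACL check with a capability passed by reference. All names (`ACL`, `acl_call`, `single_use`, the `acl_`/`cap_` functions) are hypothetical, and the sketch assumes the ACL lookup is keyed on the calling function's name.

```python
class AccessDenied(Exception):
    pass

def bar():
    return "bar ran"

# ACL model (constructed data): only `foo` holds SEEANDEXECUTE on `bar`.
ACL = {"bar": {"foo"}}
FUNCS = {"bar": bar}

def acl_call(caller, target):
    """Same shape as the quoted check: unlisted callers cannot even see the callee."""
    if caller not in ACL.get(target, set()):
        raise AccessDenied(f"Function name {target} does not exist")
    return FUNCS[target]()

def acl_foobar():
    return acl_call("foobar", "bar")   # helper factored out of foo: a different caller

def acl_foo():
    direct = acl_call("foo", "bar")
    try:
        delegated = acl_foobar()
    except AccessDenied as exc:
        delegated = f"denied: {exc}"
    return direct, delegated

# Capability model: holding a reference to the callable is the permission.
def single_use(cap):
    """Create a narrower permission inside one the caller already holds."""
    used = []
    def attenuated():
        if used:
            raise AccessDenied("capability already used")
        used.append(True)
        return cap()
    return attenuated

def cap_foobar(bar_cap):
    return bar_cap()

def cap_foo(bar_cap):
    limited = single_use(bar_cap)      # foo delegates less than it holds
    first = cap_foobar(limited)
    try:
        second = cap_foobar(limited)
    except AccessDenied as exc:
        second = f"denied: {exc}"
    return first, second
```

In the ACL half the helper fails unless an administrator edits the table, while in the capability half `foo` hands `foobar` a restricted reference without touching any global policy.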