On Wed, Dec 17, 2003 at 07:06:52PM +0000, Luke Kenneth Casson Leighton wrote:
> [snip]
>
> i believe that it _is_ possible to express what nick coghlan
> defines capabilities to be _into_ an ACL.
>
> how?
>
> by creating a security permission called "can you see it and execute it?"
> let's call it SEE_AND_EXECUTE
>
> then, the language (interpreter) does this (following the example of the
> SamrCreateUser function, above):
>
> MakeFunctionCall(Context *stack, CodeObject *code)
> {
>     char *callee_fn_name = GetCalleeName(stack);
>     SEC_DES *sd = GetSecurityDescriptorForCode(code);
>
>     /* check the capability to even _see_ this function! */
>     if (!check_sec_des(sd, callee_fn_name, SEE_AND_EXECUTE))
>     {
>         return Exception("Function name %s does not exist",
>                          code->function_name);
>     }
>
>     /* okay, they can see it [and execute it] */
>
>     ....
>     ....
>
> }
>
> does that make sense at all?
>

  What appears to be missing here is the ability for a piece of code to take
the existing permissions which it does possess and create new permissions
within them.

  With the system you propose, if a function `foo' has permission to call
function `bar', how does foo delegate that permission to `foobar'? If it
cannot, then it becomes very difficult to write well factored code which can
also exist within the security framework.

  Jp
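
Added example, not part of the original message or the thread's code: a Python model of the delegation question raised above, with an ACL check keyed on the caller's name next to a capability object that `foo` can narrow and hand to `foobar`. All names are hypothetical, and since plain Python does not hide `_fn`, this models the semantics rather than enforcing them.

```python
# Added illustration; every name below is hypothetical, not from the thread.
class AccessDenied(Exception):
    """Raised when a call is refused."""

def bar():
    return "bar ran"

# ACL model: the check is keyed on the caller's name, as in the quoted pseudocode.
ACL = {"bar": {"foo"}}   # constructed sample: only foo is listed for bar

def acl_call(caller_name, fn):
    if caller_name not in ACL.get(fn.__name__, set()):
        raise AccessDenied(f"Function name {fn.__name__} does not exist")
    return fn()

# Capability model: holding the object is the permission, so it can be handed on.
class Capability:
    def __init__(self, fn, max_uses=float("inf")):
        self._fn = fn
        self._uses_left = max_uses

    def invoke(self):
        if self._uses_left <= 0:
            raise AccessDenied("capability exhausted")
        self._uses_left -= 1
        return self._fn()

    def attenuate(self, max_uses):
        # The child wraps self.invoke, so it can never exceed the parent's rights.
        return Capability(self.invoke, max_uses)

def foobar(call_bar):
    # Helper with no rights of its own: it can only use what it is handed.
    try:
        return call_bar()
    except AccessDenied:
        return "denied"

def acl_demo():
    # foo is on the list; when foobar makes the call the lookup sees "foobar".
    return acl_call("foo", bar), foobar(lambda: acl_call("foobar", bar))

def capability_demo():
    foo_cap = Capability(bar)                  # permission foo already holds
    delegated = foo_cap.attenuate(max_uses=1)  # new permission created within it
    return foobar(delegated.invoke), foobar(delegated.invoke), foo_cap.invoke()
```

In the ACL model the only way to let `foobar` through is to edit the list, which `foo` has no authority to do; in the capability model `foo` passes a one-use child and keeps its own right intact.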