Re: [Python-Dev] Re: rexec.py unuseable
> What appears to be missing here is the ability for a piece of code to take the existing permissions which it does possess and create new permissions within them.
>
> With the system you propose, if a function `foo' has permission to call function `bar', how does foo delegate that permission to `foobar'? If it cannot, then it becomes very difficult to write well-factored code which can also exist within the security framework.
jp, i briefly touched on this in earlier messages, but have not expanded on it since. your question is therefore very useful.

there should exist a permission called "sub-objects-get-a-copy-of-parent-permissions-at-sub-object-create-time", and i believe there also exists (in NT 5.0) _yet another_ permission that says "sub-objects-inherit-parent-permissions". to be honest, i don't know _all_ of the internal details of the NT 5.0 enhancements to security descriptors. if i recall correctly, the "gets-copy-of-permissions-on-create" isn't actually a separate permission but an ACE qualifier bit - a bit like the DENY and GRANT qualifications. in this way, permissions can be considered to be recursive (both at create time and at access-for-purpose-X time).

in the _old_ style of permissions, NT 4.0 and below, you had to MANUALLY add the permissions, recursively, to all sub-objects. and incidentally, that's one reason why you can only upgrade from an NT 4.0 NTFS to an NT 5.0 NTFS and not the other way round: the security descriptors are jigged around and irreversibly converted.

in that earlier message, i made a recommendation that the concept of "recursive" application of permissions NOT be considered for implementation (until at least the old nt4.0 style was implemented and well understood). but it _is_ important that the "sub-objects-get-a-copy-of-parent-permissions-at-sub-object-create-time" concept be implemented. otherwise, as you say, there's no way to delegate permissions.

i'm assuming in the above description, perhaps incorrectly, that function 'foobar' is a member attribute of the function 'foo'? please clarify!

l.
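As an added illustration (not code from this thread, from rexec, or from NT), the toy model below shows the three behaviours the message distinguishes: NT 4.0-style sub-objects that get nothing unless permissions are added by hand, sub-objects that take a copy of the parent's inheritable ACEs at create time, and sub-objects that consult the parent at access time. The class and flag names (`Descriptor`, `Ace`, `Q.INHERITABLE`, the `"call:bar"` action string) are constructed for the example; the point it adds is that copy-on-create delegation also means a later DENY on the parent does not reach sub-objects that were created earlier.

```python
from dataclasses import dataclass, field
from enum import Flag, auto
from typing import List, Optional

class Q(Flag):
    """ACE qualifier bits (constructed names, modelled on the GRANT/DENY idea)."""
    GRANT = auto()
    DENY = auto()
    INHERITABLE = auto()   # "this entry applies to sub-objects as well"

@dataclass(frozen=True)
class Ace:
    action: str   # permission being described, e.g. "call:bar"
    flags: Q

@dataclass
class Descriptor:
    entries: List[Ace] = field(default_factory=list)
    parent: Optional["Descriptor"] = None   # set only for the "inherits" (linked) style

    def effective(self) -> List[Ace]:
        # linked style: the parent's *current* inheritable entries are read at access time
        inherited = self.parent.effective() if self.parent else []
        return self.entries + [a for a in inherited if Q.INHERITABLE in a.flags]

    def allows(self, action: str) -> bool:
        relevant = [a for a in self.effective() if a.action == action]
        if any(Q.DENY in a.flags for a in relevant):
            return False          # an explicit DENY always wins over GRANT
        return any(Q.GRANT in a.flags for a in relevant)

def create_sub_object(parent: Descriptor, style: str) -> Descriptor:
    """'nt4': nothing propagates, permissions must be added manually;
    'copy': snapshot of the parent's INHERITABLE entries taken right now;
    'linked': the parent's entries are consulted on every access check."""
    if style == "nt4":
        return Descriptor()
    if style == "copy":
        return Descriptor([a for a in parent.entries if Q.INHERITABLE in a.flags])
    if style == "linked":
        return Descriptor(parent=parent)
    raise ValueError(f"unknown style {style!r}")

def delegation_demo():
    """foo may call bar; foo creates foobar under each style. Returns whether each
    foobar may call bar right after creation and again after foo is later denied."""
    foo = Descriptor([Ace("call:bar", Q.GRANT | Q.INHERITABLE)])
    subs = {s: create_sub_object(foo, s) for s in ("nt4", "copy", "linked")}
    before = {s: d.allows("call:bar") for s, d in subs.items()}
    foo.entries.append(Ace("call:bar", Q.DENY | Q.INHERITABLE))   # revoke on the parent
    after = {s: d.allows("call:bar") for s, d in subs.items()}
    return before, after
```

Only the linked style sees the revocation; the copied sub-object keeps its snapshot, which is the trade-off to weigh if copy-on-create is the only delegation mechanism implemented.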
participants (1): Luke Kenneth Casson Leighton