[Python-Dev] Re: rexec.py unuseable
exarkun at intarweb.us
Wed Dec 17 14:17:52 EST 2003
On Wed, Dec 17, 2003 at 07:06:52PM +0000, Luke Kenneth Casson Leighton wrote:
> i believe that it _is_ possible to express what nick coghlan
> defines capabilities to be _into_ an ACL.
> by creating a security permission called "can you see it and execute it?"
> let's call it SEE_AND_EXECUTE
> then, the language (interpreter) does this (following the example of the
> SamrCreateUser function, above):
> MakeFunctionCall(Context *stack, CodeObject *code)
> char *callee_fn_name = GetCalleeName(stack);
> SEC_DES *sd = GetSecurityDescriptorForCode(code);
> /* check the capability to even _see_ this function! */
> if (!check_sec_des(sd, callee_fn_name, SEE_AND_EXECUTE))
> return Exception("Function name %s does not exist",
> /* okay, they can see it [and execute it] */
> does that make sense at all?
What appears to be missing here is the ability for a piece of code to take
the existing permissions which it does posess and create new permissions
With the system you propose, if a function `foo' has permission to call
function `bar', how does foo delegate that permission to `foobar'? If it
cannot, then it becomes very difficult to write well factored code which can
also exist within the security framework.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://mail.python.org/pipermail/python-dev/attachments/20031217/ec981992/attachment.bin
More information about the Python-Dev