[Python-Dev] rexec.py unuseable

Luke Kenneth Casson Leighton lkcl at lkcl.net
Tue Dec 16 20:55:25 CET 2003


On Tue, Dec 16, 2003 at 08:39:37PM +0100, Martin v. L?wis wrote:
> Luke Kenneth Casson Leighton <lkcl at lkcl.net> writes:
> 
> >  i think the only really sensible way forward is to begin from a
> >  sound basis - one that is going to be a big job to add retrospectively,
> >  but a simple beginning can be made.
> > 
> >  proposal: how about building ACLs into the python codebase?
> 
> I fail to see how ACLs are a sound basis to solve the problem that
> rexec solves. ACLs, in my view, are a sound basis to solve a different
> problem (that of different identities accessing the same resources).
> 
> Also, it seems that nowhere in your proposal you state how ACLs should
> be integrated into Python: I.e. what objects are protected by ACLs,

 all objects - if an acl is non-null.

> and how do you classify the various actions in a Python program as
> read/write/execute/modify_acl? E.g. given

 
>   3 * 4
> 
> Is that read, write, execute, and which ACL(s) is(are) considered?
 
  execute, and execute only, because there's no I/O involved.

  on the multiply operation.

  but _only_ if there's an actual ACL set _on_ the multiply function.

  if there's no acl set on the multiply function, there's no
  restrictions on the multiply function.

  l.






More information about the Python-list mailing list