[Python-Dev] rexec.py unuseable
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Tue Dec 16 16:30:41 EST 2003
On Tue, Dec 16, 2003 at 09:08:37PM +0100, Martin v. L?wis wrote:
> Luke Kenneth Casson Leighton <lkcl at lkcl.net> writes:
>
> > > I fail to see how ACLs are a sound basis to solve the problem that
> > > rexec solves. ACLs, in my view, are a sound basis to solve a different
> > > problem (that of different identities accessing the same resources).
> >
> > substitute "identity" for "calling object" i.e. function and i
> > believe that there is a viable proposal.
>
> I don't think so. Suppose I have an object A protected by ACLs. Now I
> write a new method
>
> def doit():
> A.doit()
>
> Question 1. What is the calling object?
the globally-defined doit function.
> Question 2. Assuming it is "the doit function", and assuming the doit
> function is not listed in the ACL: Will the call be executed?
see below.
> If yes: What is the purpose of the ACL then?
> If no: I believe the proposal is not usable in practice. For example,
> what should be the ACL on calling open()?
okay. that is why in ACLs (or better CCLs) it is necessary
to have an "all functions" wildcard "name".
in NT, this is the "world" security id "S-1-1" (i think) which
represents "everyone".
if you set a CCL, and you expect to deny everything but a particular
function, you must have a two-entry CCL:
[('function_to_be_denied_access', DENY, 'permissions_to_be_denied'),
('all functions', 'ALLOW', 'anything')]
and yes, this is _normal_ practice in the use of ACLs in NT and VMS.
and yes, the default action is (IIRC), "if not explicitly stated,
deny".
with the exception to that, of course, that if no CCL is set,
it's "as if" there was a CCL set of [('all functions', 'ALLOW',
'anything')].
l.
More information about the Python-list
mailing list