[Python-Dev] Re: rexec.py unuseable

Jp Calderone exarkun at intarweb.us
Wed Dec 17 20:17:52 CET 2003


On Wed, Dec 17, 2003 at 07:06:52PM +0000, Luke Kenneth Casson Leighton wrote:
> [snip]
>  
>  i believe that it _is_ possible to express what nick coghlan
>  defines capabilities to be _into_ an ACL.
> 
>  how?
> 
>  by creating a security permission called "can you see it and execute it?"
>  let's call it SEE_AND_EXECUTE
> 
>  then, the language (interpreter) does this (following the example of the
>  SamrCreateUser function, above):
> 
>  MakeFunctionCall(Context *stack, CodeObject *code)
>  {
>  	char *callee_fn_name = GetCalleeName(stack);
> 	SEC_DES *sd = GetSecurityDescriptorForCode(code);
> 
> 	/* check the capability to even _see_ this function! */
> 	if (!check_sec_des(sd, callee_fn_name, SEE_AND_EXECUTE))
> 	{
> 		return Exception("Function name %s does not exist",
> 		                 code->function_name);
> 	}
> 
> 	/* okay, they can see it [and execute it] */
> 
>     ....
> 	....
> 
>  }
> 
>  does that make sense at all?
> 

  What appears to be missing here is the ability for a piece of code to take
the existing permissions which it does possess and create new permissions
within them.

  With the system you propose, if a function `foo' has permission to call
function `bar', how does foo delegate that permission to `foobar'?  If it
cannot, then it becomes very difficult to write well-factored code which can
also exist within the security framework.

  Jp
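
The delegation problem raised in this reply, as an added Python sketch that is not part of the original message or of rexec. The names acl_guarded and NotVisible, bar's caller list, and identifying the caller by its frame name are assumptions standing in for the quoted pseudocode's check_sec_des and SEE_AND_EXECUTE.

```python
import sys

class NotVisible(Exception):
    """Caller lacks SEE_AND_EXECUTE (hypothetical name, after the quoted post)."""

def acl_guarded(allowed_callers):
    """ACL model: the callee carries the set of caller names allowed to see it."""
    def wrap(fn):
        def checked(*args, **kwargs):
            caller = sys._getframe(1).f_code.co_name  # immediate caller's name
            if caller not in allowed_callers:
                raise NotVisible("Function name %s does not exist" % fn.__name__)
            return fn(*args, **kwargs)
        return checked
    return wrap

@acl_guarded({"foo"})            # constructed descriptor: only foo may call bar
def bar(x):
    return x * 2

def foobar(x):
    return bar(x) + 1            # helper factored out of foo, not on bar's ACL

def foo(x, factored=True):
    # foo holds the permission but has no way to hand it to foobar
    return foobar(x) if factored else bar(x)

def acl_result(x):
    try:
        return foo(x)
    except NotVisible as exc:
        return str(exc)

# Capability model: holding a reference is the permission.
def foobar_cap(bar_ref, x):
    return bar_ref(x) + 1        # works with whatever reference it was given

def foo_cap(bar_ref, x):
    def small_only(v):           # a new, narrower permission made from bar_ref
        if v >= 100:
            raise PermissionError("argument outside delegated range")
        return bar_ref(v)
    return foobar_cap(small_only, x)   # delegation is passing the reference

def capability_result(x):
    return foo_cap(lambda v: v * 2, x)  # lambda stands in for an unguarded bar
```
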