On 09.02.2012 3:03, "Adam Retter" <adam@...> wrote:
> Okay so I have been weighing up the pros and cons of the 'r-x' vs.
> '--x' requirements on stored XQuery main modules in eXist-db. I have
> foremost my security hat on, and want to adhere to the Unix security
> model as that is what eXist-db attempts to implement, and it is a very
> good model.
> The argument for not having the 'r' flag on XQuery scripts because they
> may contain sensitive information like usernames and passwords seems
> invalid to me, because sensitive information probably should not be in
> these scripts anyway.
> Arguably there was a time when you had to do this because the eXist-db
> authentication and user management system was not flexible enough; so
> perhaps because you created your own username/password system which
> mapped onto a few simple eXist-db users. This has changed, eXist-db
> now supports ACLs and multiple authentication realms. In fact it is
> this very use-case that prompted the start of all the security changes
> in eXist-db by me.
> > If one can consider xquery /the native binary format/ in eXist-db, the
> > model would look a lot more, like what you are used to.
> However, the above argument suggested by Peter actually almost
> convinced me that maybe we should just require '--x' for execution of
> XQuery scripts and not 'r-x'.
> However, we would have to be willing to apply the same rule to XSLT
> and XProc, which I think is not perhaps a problem?
It simple to get ever with current messy :-)
> I just wrote a small bash script and a C program on my Macbook and
> compared the Unix permissions required to execute each, to check.
> The bash script requires both read and execute bits when executed as
> '$ ./hello.sh' and bash cmd requires execute, BUT only requires read
> when executed as '$ bash hello.sh', whilst bash cmd requires execute.
> The C program, only requires the execute bit to execute.
A C program for Linux is the same as an XQuery script for eXist (vice versa), IMHO.
> So I am now open to the idea of just requiring the 'x' bit to execute
> an XQuery script and not the 'r' bit, however the implementation of
> this is incredibly hard without sacrificing security and separation of
It is simple if the interpreter checks the 'x' bit and reads the script as SYSTEM
> The problem is that eXist-db's internals are somewhat messy,
> and to know if a document is an XQuery document you have to read it
> from the database, reading from the database requires the 'r' flag.
Note: Only permission to read metadata is required.
> So what am I saying, I think this is doable and I will change it to
> just require the 'x' bit, but it will take time to do this correctly
> as much refactoring of eXist-db will have to happen. So please be