From: Hungerburg <pc...@my...> - 2012-02-08 18:51:46
On 08.02.2012 16:40, Joe Wicentowski wrote:
>
> You're saying that we need to start realizing that permissions now
> dictate whether the *system* can read/write/execute resources on a
> given user's behalf, not whether the *user* can read/write/execute
> resources. The system is now an explicit intermediary between the
> user and resources. The system is the user's agent in
> reading/writing/executing resources.

How about that: The system, when executing/acting on behalf of a user, becomes her agent. The agent's permissions are restricted by the principal's, i.e. the user's, permissions.

Therefore, in the Unix model, interpreted scripts have to be readable, because they are not executed; instead the interpreter is executed, which then processes the text of the script.

The exceptions are set-uid and set-gid executables, where the system dons the permissions of a specified other user/group when acting for some user. It is NEVER a good idea to make something interpreted setuid!

If one can consider XQuery /the native binary format/ in eXist-db, the model would look a lot more like what you are used to.

-- peter
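The following is an added example, not part of the original message and not eXist-db code: a small audit that applies the Unix rules described above, flagging interpreted (shebang) files that carry a set-uid/set-gid bit and scripts that grant execute without read. The sample file names, contents and finding labels are constructed for illustration.

```python
import os
import stat
import tempfile


def audit(path):
    """Return findings for one file, following the Unix model described above."""
    mode = os.stat(path).st_mode
    with open(path, "rb") as fh:
        # A shebang means the kernel executes the interpreter, not this file.
        interpreted = fh.read(2) == b"#!"
    findings = []
    if not interpreted:
        return findings  # native executables are outside this check
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setid-script")
    # The interpreter opens the script with the caller's permissions,
    # so an execute bit without the matching read bit cannot work.
    for who, r_bit, x_bit in (("user", stat.S_IRUSR, stat.S_IXUSR),
                              ("group", stat.S_IRGRP, stat.S_IXGRP),
                              ("other", stat.S_IROTH, stat.S_IXOTH)):
        if mode & x_bit and not mode & r_bit:
            findings.append("exec-without-read:" + who)
    return findings


def demo():
    """Create constructed sample files in a temp directory and audit each one."""
    samples = {
        "ok.sh": (b"#!/bin/sh\necho hi\n", 0o755),
        "suid.sh": (b"#!/bin/sh\nid\n", 0o4755),      # interpreted + set-uid
        "noread.sh": (b"#!/bin/sh\necho hi\n", 0o711),  # x without r for group/other
        "native": (b"\x7fELF-placeholder", 0o4711),    # stands in for a native binary
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)  # set mode after writing; writes can clear set-uid
            results[name] = audit(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```
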