From: Hungerburg <pc...@my...> - 2012-02-09 12:38:38
On 2012-02-09 04:32, Dmitriy Shabanov wrote:
>
> A C program for Linux is the same as an XQuery script for eXist (vice versa), IMHO.
>
> > So I am now open to the idea of just requiring the 'x' bit to execute
> > an XQuery script and not the 'r' bit, however the implementation of
> > this is incredibly hard without sacrificing security and separation of
> > concerns.
>
> It is simple if the interpreter checks the 'x' bit and reads the script as SYSTEM
> (including modules)

Dmitriy, as your case is to keep some users of the system from seeing the source of certain scripts: it is about confidentiality in a local context, unlike Joe, who seems to care about remote visibility only.

Can the xquery processor (the agent) be trusted to not allow literal output of some resource that the calling user (the principal) must not see?

The way I see it, the devil is in /including modules/. Then there are xquery functions that are probably safe - e.g. import() when constructing the parse tree - and xquery functions that are not safe. Won't this put the xquery processor in charge of enforcing permissions?

This is just my outside view, please excuse me if I am off.

--
peter