[DGD] Access
Felix A. Croes
felix at dworkin.nl
Thu Aug 9 13:36:42 CEST 2001
pete at ana.sk wrote:
> On 9 Aug 2001, at 13:12, Felix A. Croes wrote:
>[...]
> > That's default object access -- you can only grant access to users.
> > User-level access is handled in /kernel/lib/wiztool.c.
>
> That is what I am speaking about, how should it work? I can grant
> access for <user> to <dir> but objects from /usr/<user> do not
> have rights to <dir>, so what is it good for? I have put debug
> outputs to auto object functions, and it calls access with
> arguments like:
> user = /usr/World/sys/commandd
> dir = /usr/System/cmd/go.c
> and it does not work even though user World has write access to
> /usr/System
In the kernel library, objects don't have access outside their own
/usr/Foo directory, even though user Foo may have that access. This
is intended to prevent security leaks such as the above; if objects
in /usr/World have write access in /usr/System, then effectively
objects in /usr/World can do anything at all.
pete at ana.sk also wrote:
> One more thing: it works when I put object name instead of user
> name into access data. I have now
> uaccess ([2|"World":1,"/usr/World/sys/commandd":([1|"/usr/System":2,]),])
> in access data and object /usr/World/sys/commandd can finally
> read and compile objects in /usr/System
Hacking always works.
<shrug>
Regards,
Dworkin
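
A check an administrator could run over the access data to spot entries like the one quoted above, where the key is an object path rather than a user name and the grant reaches outside that object's own /usr/Foo directory. This is an added example in Python, not part of the original message and not kernel library code; the dict layout, the function names and the rule that user names never start with "/" are assumptions modeled on the quoted dump.

```python
# Added illustration; not DGD or kernel library code.
# Constructed sample: the uaccess dump quoted in the thread, rewritten as a
# Python dict (the layout is an assumption).
UACCESS = {
    "World": 1,
    "/usr/World/sys/commandd": {"/usr/System": 2},
}


def owner_of(path):
    """Return Foo for a path under /usr/Foo, or None for any other path."""
    parts = path.split("/")
    if len(parts) >= 3 and parts[0] == "" and parts[1] == "usr" and parts[2]:
        return parts[2]
    return None


def inside(path, directory):
    """True if path is directory itself or lies below it."""
    directory = directory.rstrip("/")
    return path == directory or path.startswith(directory + "/")


def audit(uaccess):
    """List (grantee, directory, level) for each grant keyed by an object path
    that reaches outside the object's own /usr/<owner> directory."""
    findings = []
    for grantee, grants in uaccess.items():
        # Assumption: user names never start with "/"; object paths always do.
        if not grantee.startswith("/") or not isinstance(grants, dict):
            continue  # ordinary user-level entry
        owner = owner_of(grantee)
        home = "/usr/" + owner if owner else None
        for directory, level in grants.items():
            if home is None or not inside(directory, home):
                findings.append((grantee, directory, level))
    return sorted(findings)


if __name__ == "__main__":
    for grantee, directory, level in audit(UACCESS):
        print(f"object-level grant: {grantee} -> {directory} (level {level})")
```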