[DGD] Cross-directory inheritance and read access
Noah Gibbs
noah_gibbs at yahoo.com
Fri Dec 5 06:28:07 CET 2003
In the Kernel Library, you need to have read access
to a file in order to inherit it. Special access
(giving a user specific access to a specific
directory) doesn't work for files in those users'
directories. So in order to inherit from a library,
that library has to be globally readable.

That seems wrong to me. The only method to prevent
somebody inheriting a globally readable library is the
forbid_inherit mechanism in the ObjectD. You could do
that, but it's a fair amount of work, and it's
circumventing the existing permissions system --
you've already made sure that they can read the file,
because if they can't then they can't inherit it. I
suppose Phantasmal could demand write-access to a file
in order to inherit it, but that would be *really*
insecure.

I could just skip the inheritance and do all work by
replacing the child object with a hook object, and
passing the calls through to it. That seems like a
very awkward interface, though. Is there some way to
reasonably access-control inheritance without making
directories like /usr/System/lib globally readable, or
moving the libraries to /usr/System/open/lib?
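
The forbid_inherit route mentioned in the post, sketched as an added example that is not part of the original message and is not Phantasmal or Kernel Library code. It assumes the Kernel Library calls `forbid_inherit(from, path, priv)` on the registered object manager and refuses the inherit on a nonzero return; the `allowed` table, `path_owner()` and the name `example_user` are hypothetical.

```lpc
/*
 * Inheritance allow-list for an object manager (added example).
 * Assumption: the driver object calls forbid_inherit() after its own
 * read-access check, so this can only narrow who may inherit a readable
 * library; it does not remove the need for read access.
 */
private mapping allowed;   /* library dir prefix -> owners allowed to inherit */

static void create()
{
    allowed = ([
        /* hypothetical policy: only these owners may inherit from here */
        "/usr/System/lib/" : ({ "System", "example_user" })
    ]);
}

/* Owner of a file under the /usr/<name>/ convention, nil otherwise. */
private string path_owner(string path)
{
    string owner;

    if (sscanf(path, "/usr/%s/%*s", owner) != 0) {
        return owner;
    }
    return nil;
}

/*
 * from: file doing the inheriting, path: library being inherited,
 * priv: nonzero for a private inherit.
 * Returns nonzero to forbid the inherit.
 */
int forbid_inherit(string from, string path, int priv)
{
    string *dirs;
    int i;

    dirs = map_indices(allowed);
    for (i = sizeof(dirs); --i >= 0; ) {
        if (sscanf(path, dirs[i] + "%*s") != 0) {
            /* protected directory: deny unless the inheritor's owner is listed */
            return sizeof(allowed[dirs[i]] & ({ path_owner(from) })) == 0;
        }
    }
    return 0;   /* unlisted directories keep the default behaviour */
}
```

Files outside /usr have no owner here and are denied for any protected directory, so the table fails closed.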