[DGD] Cross-directory inheritance and read access
Felix A. Croes
felix at dworkin.nl
Fri Dec 5 14:40:34 CET 2003
Noah Gibbs <noah_gibbs at yahoo.com> wrote:
> In the Kernel Library, you need to have read access
> to a file in order to inherit it. Special access
> (giving a user specific access to a specific
> directory) doesn't work for files in those users'
> directories. So in order to inherit from a library,
> that library has to be globally readable.
>
> That seems wrong to me. The only method to prevent
> somebody inheriting a globally readable library is the
> forbid_inherit mechanism in the ObjectD. You could do
> that, but it's a fair amount of work, and it's
> circumventing the existing permissions system --
> you've already made sure that they can read the file,
> because if they can't then they can't inherit it. I
> suppose Phantasmal could demand write-access to a file
> in order to inherit it, but that would be *really*
> insecure.
>
> I could just skip the inheritance and do all work by
> replacing the child object with a hook object, and
> passing the calls through to it. That seems like a
> very awkward interface, though. Is there some way to
> reasonably access-control inheritance without making
> directories like /usr/System/lib globally readable, or
> moving the libraries to /usr/System/open/lib?
What exactly do you want: have files readable without making them
inheritable, or have files inheritable without making them readable?
In the first case, you should use forbid_inherit to define your own
security model. This doesn't have to be complex. For example, you
could prevent inheriting anything that has "/private/" as a pathname
component unless the inheritor has the same creator.
In the second case, you can separate file access and inheritance by
making ~/open/lib/foo.c inherit from ~/lib/foo.c. Note that it is
a bad idea to do this for a second-level auto object, which is
inherited by everything, because you'd needlessly pollute the
inheritance tables that DGD uses internally.
Regards,
Dworkin
_________________________________________________________________
List config page: http://list.imaginary.com/mailman/listinfo/dgd
More information about the DGD
mailing list