[DGD] Kernel security without guest programmers
bart at wotf.org
Tue Jan 31 23:30:25 CET 2017
On Tue, 31 Jan 2017 13:21:15 -0800, Raymond Jennings wrote
> > object find_account(string user)
> > {
> >     if (! SYSTEM())
> >         return nil;
> >
> >     ...
> > }
> >
>
> For this I vastly prefer causing a runtime error.
>
> In my opinion (tm), code that fails silently when it tries to do something
> it isn't supposed to be doing in the first place needs to be fixed, and
> flagging an error helps weed these cases out.
I'm of the same opinion, and for example Gurbalib's require_priv() afun causes
a runtime error when the required privilege is not met.
Code calling a privileged method can always catch those runtime errors if they
are expected, so the LPC code can handle them nicely (think of giving nice
feedback to a user mistyping a path in a file command, for example).
Bart.
--
http://www.flickr.com/photos/mrobjective/
http://www.om-d.org/
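
The two styles discussed in this thread, side by side, as an added example that is not part of the original posts and is not code from Gurbalib or the DGD kernel library. The names `accounts`, `find_account_silent()` and `lookup()` are hypothetical; `SYSTEM()` is assumed to come from the kernel library's `<kernel/kernel.h>`, and `lookup()` would normally live in a separate calling object.

```lpc
# include <kernel/kernel.h>     /* assumed source of the SYSTEM() macro */

mapping accounts;               /* hypothetical store: user name -> account object */

static void create(varargs int clone)
{
    accounts = ([ ]);
}

/*
 * Silent variant, as in the quoted snippet: the caller cannot tell
 * "access denied" from "no such account", and the denied call leaves no trace.
 */
object find_account_silent(string user)
{
    if (!SYSTEM()) {
        return nil;
    }
    return accounts[user];
}

/*
 * Fail-loud variant: an unprivileged call raises a runtime error,
 * so nil now only ever means "no such account".
 */
object find_account(string user)
{
    if (!SYSTEM()) {
        error("Access denied: find_account() requires a System caller");
    }
    return accounts[user];
}

/*
 * Caller side (hypothetical user command): an expected error is caught
 * and turned into feedback instead of aborting the command.
 */
string lookup(object accountd, string user)
{
    object account;
    string err;

    err = catch(account = accountd->find_account(user));
    if (err) {
        return "Cannot look up " + user + ": " + err;
    }
    return (account) ? "Account found." : "No such account.";
}
```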