[DGD] Kernel security without guest programmers

Raymond Jennings shentino at gmail.com
Tue Jan 31 23:56:57 CET 2017


Way I see it, if you're assuming privileges, it should be like an assert
and cause a runtime error.  If you expect that it might fail, then you
should explicitly test privileges first.

On Tue, Jan 31, 2017 at 2:30 PM, <bart at wotf.org> wrote:

> On Tue, 31 Jan 2017 13:21:15 -0800, Raymond Jennings wrote
>
> > > object find_account(string user)
> > > {
> > >   if (! SYSTEM())
> > >     return nil;
> > >
> > >   ...
> > > }
> > >
> >
> > For this I vastly prefer causing a runtime error.
> >
> > In my opinion (tm), code that fails silently when it tries to do something
> > it isn't supposed to be doing in the first place needs to be fixed, and
> > flagging an error helps weed these cases out.
>
> I'm of the same opinion, and for example Gurbalib's require_priv() afun causes
> a runtime error when the required privilege is not met.
>
> Code calling a privileged method can always catch those runtime errors if they
> are expected, so the lpc code can handle them nicely (think of giving nice
> feedback to a user mistyping a path in a file command for example).
>
> Bart.
> --
> http://www.flickr.com/photos/mrobjective/
> http://www.om-d.org/
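The two styles compared in this thread side by side, as an added example that is not code from the DGD list, DGD itself or Gurbalib, written in Python rather than LPC; the PRIVS table and ACCOUNTS store are constructed stand-ins for SYSTEM() and a real account database:

```python
"""Fail-loud vs. fail-silent privilege checks (added example, not from DGD)."""
import logging

log = logging.getLogger("priv")


class PrivilegeError(PermissionError):
    """Raised when a caller assumed a privilege it does not hold."""


# Constructed sample: which callers hold which privileges (stands in for SYSTEM()).
PRIVS = {"driver": {"system"}, "wizard": {"file"}, "player": set()}

# Constructed sample account store.
ACCOUNTS = {"alice": {"name": "alice"}}


def require_priv(caller: str, priv: str) -> None:
    """Assert-style check in the spirit of Gurbalib's require_priv():
    succeed silently, or log the denial and raise a runtime error."""
    if priv not in PRIVS.get(caller, set()):
        log.warning("privilege %r denied for caller %r", priv, caller)
        raise PrivilegeError(f"{caller} lacks privilege {priv!r}")


def find_account_silent(caller: str, user: str):
    """The 'return nil' style from the quoted LPC: a denied call and an
    unknown user both come back as None, so a misbehaving caller never
    learns it was unauthorised and nothing is logged."""
    if "system" not in PRIVS.get(caller, set()):
        return None
    return ACCOUNTS.get(user)


def find_account(caller: str, user: str):
    """Assert-style: an unauthorised call raises; a missing user is None."""
    require_priv(caller, "system")
    return ACCOUNTS.get(user)


def user_facing_lookup(caller: str, user: str) -> str:
    """Where denial is an expected outcome (the 'catch' case in the thread),
    the caller handles the error explicitly and turns it into feedback."""
    try:
        acct = find_account(caller, user)
    except PrivilegeError:
        return "Permission denied."
    return "No such user." if acct is None else f"Found {acct['name']}."
```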


