[E-Lang] ACLs + delegation

David Wagner daw@mozart.cs.berkeley.edu
2 Feb 2001 00:42:18 GMT


Tyler Close wrote:
>This doesn't solve a thing if there is a mismatch between the
>operation that the authority can authorize and the actions of a
>particular operation. For example, your explicit ability to open files
>in a particular directory can still be confused into opening a file
>that you did not expect to open if clients can pass you a string file
>name.

How can it be confused?  Remember, it is querying the SubjectID
of the client and using that (rather than its own SubjectID) in
the open() call.  How can the server get confused?