[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

Jonathan S. Shapiro shap@cs.jhu.edu
Thu, 25 Jan 2001 08:40:17 -0500

David Wagner wrote:
> Ben Laurie wrote:
> >The difference is that if I delegate my identity to a person or program,
> >they can do _anything_ I'm entitled to do according to the ACLs.
> Yeah, so don't do that.  :-)
> There's nothing about ACLs that forces you to do all-or-nothing
> delegation.  In fact, if you look at, say, Unix file permissions (an
> ACL system), delegation is not all-or-nothing: you can hand off just
> read permission, etc.

In fact, if you look at Lampson's paper "Protection", you'll find that
there is no operation permitting you to do that at all.

However, in current ACL *implementations* it is often the case that
setuid/setgid seem like the only solution.