[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith
of Johns Hopkins)
Jonathan S. Shapiro
shap@cs.jhu.edu
Thu, 25 Jan 2001 08:40:17 -0500
David Wagner wrote:
>
> Ben Laurie wrote:
> >The difference is that if I delegate my identity to a person or program,
> >they can do _anything_ I'm entitled to do according to the ACLs.
>
> Yeah, so don't do that. :-)
>
> There's nothing about ACL's that forces you to do all-or-nothing
> delegation. In fact, if you look at, say, Unix file permissions (an
> ACL system), delegation is not all-or-nothing: you can hand off just
> read permission, etc.

In fact, if you look at Lampson's paper "Protection", you'll find that
there is no operation permitting you to do that at all.

However, in current ACL *implementations* it is often the case that
setuid/setgid seem like the only solution.

Jonathan