MOO-cows Mailing List Archive


Re: [SERVER, SECURITY] bug in set_task_perms() ?



Gustavo Glusman writes:
> The problem is that wizperms can set_task_perms() to an invalid object.
> Some verbs rely on testing whether valid(caller_perms()), as a general test
> for 'am I being called from command line, or from another verb?', just
> because this is cheaper than using callers(). But setting task perms to an
> invalid may fool this.

I claim that this valid(caller_perms()) test was always bogus; the proper test
is `caller_perms() == #-1' or (yes, more expensive but you shouldn't be doing
it in the expensive failure case very often) `callers() == {}'.

	Pavel
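
The three tests named in this thread, compared in a simplified Python model of a MOO task's call stack. This is an added example, not LambdaMOO server code and not code from either poster; the `Task` class and the object numbers are constructed, and `-1` stands in for `#-1`.

```python
# Simplified model of a MOO task's verb-call stack (added example, not server code).
NOTHING = -1                   # stands in for #-1
WIZARDS = {2}                  # constructed object numbers
VALID_OBJECTS = {2, 100, 101}  # 999 is absent: models a recycled (invalid) object

class Task:
    def __init__(self):
        self.frames = []       # one entry per running verb: the perms it runs with

    def call(self, verb, owner):
        # Run `verb` in a new frame with its owner's permissions.
        self.frames.append(owner)
        try:
            return verb(self)
        finally:
            self.frames.pop()

    def set_task_perms(self, who):
        current = self.frames[-1]
        if current != who and current not in WIZARDS:
            raise PermissionError("E_PERM")
        self.frames[-1] = who  # as the thread reports, an invalid object is accepted

    def caller_perms(self):
        return self.frames[-2] if len(self.frames) > 1 else NOTHING

    def callers(self):
        return list(reversed(self.frames[:-1]))  # simplified: perms only

def target(task):
    """Ask 'am I the first verb of this task?' with each test from the thread."""
    return {
        "not_valid_caller_perms": task.caller_perms() not in VALID_OBJECTS,
        "caller_perms_is_nothing": task.caller_perms() == NOTHING,
        "callers_is_empty": task.callers() == [],
    }

def run_scenarios():
    def wizard_caller(t):
        t.set_task_perms(999)  # wizard-owned verb switches to an invalid object
        return t.call(target, 100)
    return {
        "command_line": Task().call(target, 100),
        "from_verb": Task().call(lambda t: t.call(target, 100), 101),
        "from_verb_with_invalid_perms": Task().call(wizard_caller, 2),
    }
```

Only the `valid(caller_perms())` test changes its answer in the third scenario; the other two still report that the verb was called from another verb.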

