[rsbac] get current role

Bencsath Boldizsar boldi at mail2003.etl.hu
Thu Nov 27 16:02:32 CET 2003


It is not so important, but as far as the "id" is a good way to debug
programs, this can also be helpful.
(E.g. "Look, this CGI program says it is executed with the user id of
www-data, and look, it uses the role "webserver" and so it won't be able
to harm anything, ... ...")
So it can be helpful for demonstration and/or debugging.
Also, in "RC NOT_GRANTED" error messages it could be helpful to get back
the Role that caused the error.

It is just my opinion, I don't think it is a big security risk if a
program knows which role (or role_id only) is used to execute it.


> The official way is rc_get_item() - processes are not supposed to know their
> current role, unless explicitly granted.
>
> I can add such a call, if you want, it can still be restricted.
>
> Amon.
> --
> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

