Josh Berkus <josh@agliodbs.com> writes:
> As said, I discussed this with Gaetano on IRC, and am not sure why things are
> set up the way they are. If a user has permission on a view, shouldn't
> that include permission on any functions executed by the view? If not, why
> not?

Then all someone would have to do to bypass security on a function would be to
define a function of their own calling it?

If I execute a shell script that calls a setuid root-only binary, that doesn't
give me permission to execute the root-only binary...

--
greg