Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!sdd.hp.com!decwrl!parc!kent
From: kent@parc.xerox.com (Chris Kent)
Newsgroups: comp.sys.next
Subject: Re: "file" operator disabled on NeXT 2.0
Message-ID: <1991Jan25.022446.29456@parc.xerox.com>
Date: 25 Jan 91 02:24:46 GMT
References: <392@heaven.woodside.ca.us>
Sender: news@parc.xerox.com
Organization: Xerox PARC CSL
Lines: 17

For The X Display PostScript extension we (Digital) decided to incorporate
such a restriction, too, but it was justified: the interpreter runs
inside the X server, which almost always (certainly on DEC machines) runs as 
root, and runs on the server machine, which is often not where the
client runs. Without some sort of intervention, this would lead
to a security hole and some real confusion, since the filesystem
namespace of the client and server might well be different.

We provided access to two directories in the server's filesystem, and 
didn't allow access "above" them (filename strings containing .. 
caused an error). This worked reasonably well, once you got used
to it.

chris
-- 
Chris Kent		Xerox PARC CSL			Palo Alto, CA USA
kent@arisia.xerox.com	xerox!kent			+1.415.494.4821