On 8 Apr 2009, at 08:32, Joe Orton wrote:
So I'm not sure that it's worthwhile. Having said that, it seems a lotmore worthwhile than the mod_privileges approach in the trunk, whichseems to claim it is secure so long as you don't execute untrusted code,so I'm not sure what threat model that addresses at all.
That's untrusted, privileges-aware code. Use case: mod_php, whose safe_mode prevents loading such code. -- Nick Kew
