Subject: [xsl] How to circumvent read-only permission From: "Roger L Costello costello@xxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> Date: Sun, 10 Apr 2022 12:45:51 -0000 |
Michael Kay wrote: > I've certainly seen (and written) real applications in which > xsl:evaluate (or equivalent) was used to evaluate XPath > expressions read from cells in Excel spreadsheets. The > operating system has no idea this is going on, so the > distinction between read permission and execute > permission is meaningless. Wow! Let me be sure that I understand the full implications of this. Consider this scenario: We have an XML document that, for whatever reason, must be read-only. It must not be written to (no write permission) and it must not be executed (no execute permission). The operating system understands this and will enforce this. However, if the XML document contains XPath expressions, then the XSLT program that is reading the XML document can read the XPath expressions and execute them using xsl:evaluate. So, in a sense, the XML document is being executed. And, the operating system has no idea that the XML document is being executed and no way to prevent it. This is a way to circumvent the operating system's enforcement of read-only permission. Do I understand correctly? Have I described the full implications of this scenario or is there more to be learned from the scenario? Or is Michael alluding to some other scenario? /Roger
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: [xsl] XSLT programs that blur t, Bauman, Syd s.bauman | Thread | Re: [xsl] How to circumvent read-on, Norm Tovey-Walsh ndw |
Re: [xsl] XSLT programs that blur t, Michael Kay mike@xxx | Date | Re: [xsl] XSLT programs that blur t, G. Ken Holman g.ken. |
Month |