On 03/11/2011, at 5:49 AM, Luke Daley wrote:
> I think we should not use a daemon if it was started by another user.
Absolutely. This is GRADLE-1819, and it's near the front of the queue in
pivotal.
>
> If System.getProperty("user.name") is trustworthy (and it is AFAIK) it could
> be as simple as comparing this on both sides. We have machinery for this now
> so it would be trivial to add.
Depends what we want to protect against. It would help if I accidentally ran
gradle -g <some-other-user's-gradle-home-dir>. But it wouldn't protect against
a malicious client, which could report whatever user name it liked.
I think we want to start protecting against a malicious client, and do
something a bit stronger.
--
Adam Murdoch
Gradle Co-founder
http://www.gradle.org
VP of Engineering, Gradleware Inc. - Gradle Training, Support, Consulting
http://www.gradleware.com
