On Thu, Feb 23, 2006 at 10:29:15AM +0000, Richard Frith-Macdonald wrote:
> I'm not sure what 'this' is ... I would like the library to check
> that the config files setting its paths are protected so that only the
> current user and/or system manager(s) as appropriate can modify them,
> so that a cracker cannot use them to get you to execute trojans. I
> hope we are both still talking about the same thing. If you have
> positive suggestions of other things we can do to improve security,
> please let us know.
As the maintainer of trustees (http://trustees.sourceforge.net) I feel I have to chime in here. I think the biggest problem with all the additional checks is that it becomes a maintenance nightmare. So you've checked POSIX permissions; does the code check for POSIX ACLs (as far as I can tell it does not, but I haven't had the opportunity to test yet)? What about alternate permission schemes (trustees)? What about the next/greatest permissions system? What if Windows adds some new mechanism? Network file systems where the permissions may not be visible from the client side? It's just, at best it seems like you can only get a false sense of security; do the benefits really outweigh the costs in complexity in the code?

- Andy

--
Andrew Ruder
http://www.aeruder.net

_______________________________________________
Discuss-gnustep mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/discuss-gnustep
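The check Richard describes and the limitation Andy raises, as an added example that is not from the thread or from GNUstep: a plain POSIX mode-bit check on a config file, which also reports "indeterminate" when a POSIX ACL is attached, because at that point the mode bits no longer say who can write. The `system.posix_acl_access` attribute name is the Linux one; `check_config_file` and `demo` are names chosen here, and the sample files are constructed in a temporary directory.

```python
import os
import stat
import tempfile

ACL_XATTR = "system.posix_acl_access"  # Linux xattr that carries a POSIX ACL


def check_config_file(path):
    """Return (verdict, reasons); verdict is trusted/untrusted/indeterminate.

    The mode-bit tests are all a plain POSIX check can do. The ACL test marks
    where such a check stops being conclusive, the point raised in the thread.
    """
    reasons = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        reasons.append("path is a symlink; its target could be swapped")
    if st.st_uid not in (os.getuid(), 0):
        reasons.append("owned by uid %d, not the user or root" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("mode %o lets group/others write" % stat.S_IMODE(st.st_mode))
    # A writable parent directory lets the whole file be replaced.
    parent = os.lstat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        reasons.append("parent directory is world-writable without sticky bit")
    if reasons:
        return "untrusted", reasons
    # Mode bits passed, but an ACL (or a mechanism we cannot read at all, such
    # as server-side rules on a network filesystem) may still grant writes.
    if hasattr(os, "listxattr"):  # os.listxattr exists on Linux only
        try:
            if ACL_XATTR in os.listxattr(path, follow_symlinks=False):
                return "indeterminate", ["POSIX ACL present; mode bits not conclusive"]
        except OSError:
            pass
    return "trusted", []


def demo():
    """Constructed sample: two files in a private 0700 temp dir, 0600 vs 0666."""
    d = tempfile.mkdtemp()
    results = {}
    for name, mode in (("safe.conf", 0o600), ("loose.conf", 0o666)):
        p = os.path.join(d, name)
        with open(p, "w") as f:
            f.write("# constructed sample config\n")
        os.chmod(p, mode)
        results[name] = check_config_file(p)[0]
    return results


if __name__ == "__main__":
    print(demo())  # {'safe.conf': 'trusted', 'loose.conf': 'untrusted'}
```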
