On 06/13/2008 05:01 AM, Melchior FRANZ wrote in part:

> The second change is in $FG_ROOT/Nasal/io.nas. It replaces the original
> io.open() with a version that checks for illegal write access to
> non-authorized directories. (Reading is allowed everywhere. Use the
> OS' permissions to prevent that.) The list of allowed directories is
> hard coded in io.nas:
> 
>         FG_HOME,
>         "/tmp/", "/var/tmp/",
>         "[A-Za-z]:TMP/", "[A-Za-z]:TEMP/",
>         "[A-Za-z]:/TMP/", "[A-Za-z]:/TEMP/",
> 
> Please tell me if this doesn't work for you, 

Does this work at all?  I gather the goal is to make all malicious
code harmless.  Is it really true that writing to /tmp and /var/tmp 
is harmless?

If so, you should publish this in the computer security literature.
There are a lot of people who would like to know about it.  For example,
the Java VM Security Model flatly forbids writing to the local disk,
and a lot of people would like to be able to lift this restriction.

  (There's more I could say about this, but I don't want to distract
  from the main point.)

> (Reading is allowed everywhere. Use the
> OS' permissions to prevent that.)

Please explain this in more detail.  For example, on ordinary Linux,
what permissions should Joe User place on his personal financial files 
to make them unreadable by FGFS, and conversely what permissions should 
he place on his FG configuration files to make them readable?

  I can sorta see how to approach this using pseudousers for privilege
  separation.  That is, for each user (Alice, Bob, Carol, etc.) you
  could have a pseudouser (AliceFG, BobFG, CarolFG, etc.) with 
  separate privileges.  Is that what is being proposed?


_______________________________________________
Flightgear-devel mailing list
Flightgear-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flightgear-devel
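
The quoted description is of a directory allow-list applied to write access only. As an added example (not FlightGear's io.nas code and not from either poster), this Python sketch compares a raw string-prefix check with one that resolves ".." and symlinks before comparing. The function names and the temporary sandbox layout are assumptions made for the illustration.

```python
import os
import tempfile

def is_write_mode(mode):
    # "r" alone is read-only; "w", "a" and any "+" variant can modify the file.
    return any(c in mode for c in "wa+")

def naive_allowed(path, mode, allowed_dirs):
    """Raw string-prefix comparison, shown as the weak form of the check."""
    if not is_write_mode(mode):
        return True  # reading is allowed everywhere, as in the quoted text
    return any(path.startswith(d.rstrip("/") + "/") for d in allowed_dirs)

def strict_allowed(path, mode, allowed_dirs):
    """Resolve '..' and symlinks first, then compare whole path components."""
    if not is_write_mode(mode):
        return True
    real = os.path.realpath(path)
    for d in allowed_dirs:
        root = os.path.realpath(d)
        if os.path.commonpath([real, root]) == root:
            return True
    return False

def demo():
    """Build a constructed sandbox; return (naive, strict) verdicts per case."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        allowed = os.path.join(base, "allowed")
        outside = os.path.join(base, "outside")
        os.mkdir(allowed)
        os.mkdir(outside)
        # A link inside the allowed directory that points outside it.
        os.symlink(outside, os.path.join(allowed, "link"))
        cases = {
            "plain": (os.path.join(allowed, "log.txt"), "w"),
            "dotdot": (allowed + "/../outside/x", "w"),
            "symlink": (os.path.join(allowed, "link", "x"), "a"),
            "read": (os.path.join(outside, "x"), "r"),
        }
        return {name: (naive_allowed(p, m, [allowed]),
                       strict_allowed(p, m, [allowed]))
                for name, (p, m) in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The check and the later open are separate steps, so a path that changes between them is not covered by this sketch.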
