2007/4/25, Rob Savoye <[EMAIL PROTECTED]>:
> One easy tweak would be to change the user to something like nobody
Not without setuiding the binary, which doesn't sound like the path to security. Anyway the single-user-operating-system version can't do this, and 87% of systems on the net are such.
> The only one to worry about is the FileIO extension
As a user I wouldn't want *any* extensions enabled that write to the environment unless I were running one specific Flash movie with known contents (i.e. that I had written myself or got from someone I trust). I wouldn't want random flash movies having access to mysql, nor have to security-audit every future extension - that sounds like a sure way to have endless new security holes forever.

How about disabling all extensions at runtime, unless they are explicitly turned on, such as by a runtime flag like --enable-extensions=fileio[,...]? I would have said "or by config file or by menu-preferences" but now I wonder whether Gnash-specific extensions can always be disabled in the browser plugin.

That would also avoid the appearance on the web of Flash movies that only work with Gnash (so we do not end up looking like the new Microsoft breaking existing web standards) while allowing applications that use a known movie or movies to do whatever they please. They just need to bundle (or depend on) gnash and supply a wrapper program to launch it enabling whatever they need.

Would that do all we need?

M
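A sketch of the default-deny policy proposed in the message above, added here as an illustration and not taken from Gnash or from the poster. The names `ExtensionPolicy`, `Host` and `rejectsUnknown` are hypothetical, and the known-extension list is assumed from the two extensions the thread mentions.

```cpp
#include <set>
#include <sstream>
#include <stdexcept>
#include <string>

// Hypothetical type: where the player is running.
enum class Host { Standalone, BrowserPlugin };

class ExtensionPolicy {
public:
    // flagValue is the text after "--enable-extensions=" (empty if the flag is absent).
    ExtensionPolicy(Host host, const std::string& flagValue) {
        // In the browser plugin the flag is ignored, so nothing can be enabled.
        if (host == Host::BrowserPlugin) return;
        std::istringstream in(flagValue);
        std::string name;
        while (std::getline(in, name, ',')) {
            if (name.empty()) continue;            // tolerate "a,,b"
            if (known().count(name) == 0)          // fail closed on typos and unknown names
                throw std::invalid_argument("unknown extension: " + name);
            enabled_.insert(name);
        }
    }
    // Default deny: an extension loads only if it was named explicitly.
    bool allows(const std::string& name) const { return enabled_.count(name) != 0; }

private:
    static const std::set<std::string>& known() {
        // Assumed list, taken from the extensions named in the thread.
        static const std::set<std::string> k = {"fileio", "mysql"};
        return k;
    }
    std::set<std::string> enabled_;
};

// Helper: true if the flag value is refused because it names an unknown extension.
static bool rejectsUnknown(const std::string& v) {
    try { ExtensionPolicy(Host::Standalone, v); }
    catch (const std::invalid_argument&) { return true; }
    return false;
}

int main() {
    ExtensionPolicy wrapper(Host::Standalone, "fileio");         // bundled app's wrapper
    ExtensionPolicy plain(Host::Standalone, "");                 // no flag given
    ExtensionPolicy plugin(Host::BrowserPlugin, "fileio,mysql"); // flag has no effect
    bool ok = wrapper.allows("fileio") && !wrapper.allows("mysql") &&
              !plain.allows("fileio") && !plugin.allows("fileio");
    return ok ? 0 : 1;
}
```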

