On Thu, 2005-10-27 at 11:58 +0200, Alfred M. Szmidt wrote:
> Note that turning off home directory before opening the network
> port is NOT good enough!
>
> You say that it isn't good enough, without explaining why.

It would not be bad to try to think things out for yourself once in a while. Everybody here needs to start thinking about design from the attacker point of view in order to be able to evaluate their designs.

To answer your question: Once the hostile program can read my home directory, I must assume that it *has* read my home directory. After this, cutting off access to the directory will not prevent disclosure over the network of my current content. Therefore, cutting off the home directory before enabling the network connection is insufficient.

shap

_______________________________________________
L4-hurd mailing list
http://lists.gnu.org/mailman/listinfo/l4-hurd
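
The argument in the message above, modelled as an added example (not part of the original message and not L4-Hurd code): a toy reference monitor in which every class, function and constant name is hypothetical and the file name is constructed sample data. It goes one step beyond the message by also showing a history-based policy that refuses the network capability once the home directory has been read.

```python
# Toy model of "revoke HOME, then grant NET"; all names are hypothetical.
HOME = "home"      # capability to read the user's home directory
NET = "net"        # capability to send on the network


class Process:
    def __init__(self):
        self.caps = set()      # capabilities held right now
        self.memory = []       # data the program has copied into itself
        self.has_read = set()  # resources ever read (record kept for the monitor)


class NaiveMonitor:
    """Only ensures HOME and NET are never held at the same time."""
    def grant(self, proc, cap):
        other = NET if cap == HOME else HOME
        if other in proc.caps:
            return False
        proc.caps.add(cap)
        return True


class HistoryMonitor(NaiveMonitor):
    """Also refuses NET once the process has ever read HOME."""
    def grant(self, proc, cap):
        if cap == NET and HOME in proc.has_read:
            return False
        return super().grant(proc, cap)


def read_home(proc, contents):
    if HOME in proc.caps:
        proc.memory.extend(contents)   # the copy survives later revocation
        proc.has_read.add(HOME)


def send(proc):
    """Return what leaves the machine: everything the process remembers."""
    return list(proc.memory) if NET in proc.caps else []


def run(monitor):
    """Grant HOME, let the program read, revoke HOME, then request NET."""
    proc = Process()
    monitor.grant(proc, HOME)
    read_home(proc, ["constructed-secret.txt"])   # constructed sample data
    proc.caps.discard(HOME)            # home directory turned off first
    monitor.grant(proc, NET)           # network port opened afterwards
    return send(proc)
```

`run(NaiveMonitor())` returns the remembered file even though the two capabilities were never held together, while `run(HistoryMonitor())` returns an empty list.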
