> I do wonder about the security implications of being able to > use plugins, and alias them to new ones with just a couple of > simple env vars.
Help me out here, because security's not really my thing. How would using an env var make the current situation any less secure than it already is? Assuming some mischievous individual wants to insert their own plugin, they'd need write permission to a directory in the PATH. If they have such write permission, they could simply replace a legit plugin with their own plugin of the same name; no alias mapping would be necessary. Am I missing something here? > If a user wanted to lock down the system to only use specific > plugins then what do we recommend, is something we need to > cater for? Is static linking the way to go in this instance. A static link would certainly eliminate the risks of the current plugin system. Paul Martz Skew Matrix Software LLC http://www.skew-matrix.com 303 859 9466 _______________________________________________ osg-users mailing list [email protected] http://openscenegraph.net/mailman/listinfo/osg-users http://www.openscenegraph.org/
