>
>
>
>> This problem is often solved using filesystem permissions. Often programs
>> are started as root and so they can read files where root is the only one
>> having read permission. After doing privileged stuff the program drops its
>> privilege and acts as a normal user. In case of a pharo image that
>> wouldn't be too easy. You could have a small program started as root reads
>> the information from the file and starts pharo as normal user passing the
>> information in. Or you could start pharo and another privileged program
>> that reads the password file and sets the information in the pharo image
>> via socket or something similar. Or you are able to start the pharo process
>> with a dedicated user and arrange the filesystem permission in a way that
>> only this user has read access. Basically they are all the same.
>>
>>
> Mmm, I understand. Doesn't look easy. The last one "Or you are able to
> start the pharo process with a dedicated user and arrange the filesystem
> permission in a way that only this user has read access" sounds one more
> thing to do that could help. The only thing this can fail is if the user
> the hacker uses to get inside is the same that runs Pharo or one with root
> privileges.
>
>
> Exactly. If someone is able to gain root privilege there is not much left
> you can do. That is one of the reasons why programs should have no special
> privileges or drop them after doing important stuff. Writing a C
> application that starts your image, reads password file and drops privilege
> is not as hard as it sounds. Probably the way you pass the information to
> the image is a bit more. You certainly can not pass it as an argument to
> the image without further measurement because it would be visible by
> programs like ps. But there are ways to hide it or you can use a pipe.
>
>
Norbert...just curious...I guess it's a good idea if I have no ssh access
for the user that runs the Pharo image and that will likely have read
access to such file, right?
So that way the only way to get inside the system is with another user and
then jump to the one that runs Pharo. So there are at least 2 users there
and not one.
It makes sense, right?




>> If those are no options then it will be hard. Of course you can encrypt the
>> password file itself but that won't work without extra measurement. That is
>> always the trap in thinking about security. The encryption of the password
>> file would be possible only if you have something you can decrypt it with.
>> And that information would have exactly the same security implications as
>> the password itself. Thus it solves nothing but only shifts the
>> responsibility for security to another piece of information.
>>
>>
> yes, but as I wrote a bit, it will make it a bit more complicated!
>
>
>
> Thanks Norbert for the ideas.
>
> My pleasure!
>
> Norbert
>
>
>


-- 
Mariano
http://marianopeck.wordpress.com
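
The approach Norbert describes above (a small C launcher that reads the password file while privileged, drops to a dedicated user, and hands the secret to the image through a pipe rather than a command-line argument), as an added example that is not part of the original thread. The names `launch_with_secret` and `drop_privileges`, the 256-byte limit, and the use of the child's stdin as the channel are assumptions; the child command stands in for the Pharo VM.

```c
#define _DEFAULT_SOURCE 1
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become uid/gid. Order matters: groups, then gid, then uid. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (getuid() == uid && geteuid() == uid && getgid() == gid && getegid() == gid)
        return 0;                                  /* already the target identity */
    if (setgroups(1, &gid) != 0) return -1;        /* clear root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;  /* regaining root must fail */
}

/* Read the secret with the caller's privileges, then run argv as uid/gid with
 * the secret on its stdin. Returns the child's exit code, or -1 on error. */
int launch_with_secret(const char *path, uid_t uid, gid_t gid, char *const argv[]) {
    char secret[256];                              /* assumed upper bound on secret size */
    int p[2], status, fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t n = read(fd, secret, sizeof secret);
    close(fd);
    if (n <= 0 || pipe(p) != 0) return -1;
    /* 256 bytes fit in the pipe buffer, so this write cannot block. */
    ssize_t w = write(p[1], secret, (size_t)n);
    close(p[1]);
    for (volatile char *q = secret; q < secret + sizeof secret; q++) *q = 0;  /* wipe copy */
    pid_t pid = (w == n) ? fork() : -1;
    if (pid == 0) {                                /* child: secret is only in the pipe */
        if (p[0] != STDIN_FILENO && (dup2(p[0], STDIN_FILENO) < 0 || close(p[0]) != 0))
            _exit(126);
        if (drop_privileges(uid, gid) != 0) _exit(126);
        execvp(argv[0], argv);                     /* secret never appears in argv or environ */
        _exit(127);
    }
    close(p[0]);
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Usage: launcher <secret-file> <uid> <gid> <command> [args...] */
int main(int argc, char **argv) {
    if (argc < 5) return 2;
    return launch_with_secret(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                              (gid_t)strtoul(argv[3], NULL, 10), &argv[4]) != 0;
}
```

The secret file itself would be owned by root with mode 0600, so the dedicated user the child runs as can only obtain the secret through the pipe.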
