Brock Pytlik wrote: > So, I don't really know much about security or SSL, but here goes: > > Depot.py: Is there a reason to make paths to key and certs be absolute > from the command line?
Apache did, and I assume there is some security-related reason for doing so. > Could a malicious user read from /dev/fd/* over and over and manage to > read the decrypted SSL key? Since the file descriptor remains open by our process, it is my belief that our process is the only one that can access it. I know that setuid/setgid scripts typically use this method of file access. However, this is an area that I am not 100% certain of, so commentary is appreciated. Cheers, -- Shawn Walker _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
