On Thursday, 2 November 2006 20:54, toad wrote:
> How about the following?:
>
> 1. Any FCP connection not from localhost is automatically set to
> untrusted mode.
> 2. The user may set a flag indicating that all connections are
> untrusted.
> 3. The user may create one or more username/password pairs for
> authorized access. These are kept in a file readable only by the user
> running the node:
> username:password:keywords
>
> "keywords" contains a list of keywords (config, read-disk, write-disk,
> etc).
>
> I have considered specific limitations on where in the local filesystem
> files can be downloaded to / uploaded from. I'm not convinced that this
> is Freenet's job; if you have untrusted local users (and maybe even if
> you don't), you should run Freenet in a chroot. And if the attacker has
> filesystem access, he can create symlinks etc (which java cannot deal
> with). It is impossible for us to for example fork a subprocess which
> then setuid's to the user in question. So I say we shouldn't get into
> that, since we can't do it well.

1+2: cool. I wish we could get it yesterday ;)

3: this may be helpful:
http://www.xenonsoft.demon.co.uk/products/javaunix/docs/api/javaunix/UnixSystem.html
http://www.xenonsoft.demon.co.uk/products/javaunix/docs/api/index.html

--
Regards,
saces
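
The three rules proposed in the quoted message, sketched in Python as an added example (not code from this thread or from Freenet). Assumptions: keywords are comma-separated, the first field is the username and the last the keywords, trusted mode grants every keyword, and the file name `fcp-users` and sample accounts are constructed.

```python
import hmac, ipaddress, os, stat, tempfile

# Keyword names from the proposal; the comma separator is an assumption.
KNOWN_KEYWORDS = {"config", "read-disk", "write-disk"}
SAMPLE = "alice:s3cret:config,read-disk\nbob:pa:ss:write-disk\n"  # constructed

def load_credentials(path):
    """Parse username:password:keywords, refusing files other users can access."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # do not follow a symlink
    with os.fdopen(fd, encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())  # check the file that was actually opened
        if st.st_uid != os.geteuid():
            raise PermissionError("not owned by the user running the node")
        if stat.S_IMODE(st.st_mode) & 0o077:
            raise PermissionError("accessible to group or other")
        creds = {}
        for n, line in enumerate(fh, 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(":")
            if len(parts) < 3 or not parts[0]:
                raise ValueError(f"line {n}: expected username:password:keywords")
            # Assumed: first field is the user, last field the keywords,
            # so a password may itself contain ':'.
            keywords = {k for k in parts[-1].split(",") if k}
            unknown = keywords - KNOWN_KEYWORDS
            if unknown:
                raise ValueError(f"line {n}: unknown keywords {sorted(unknown)}")
            creds[parts[0]] = (":".join(parts[1:-1]), keywords)
        return creds

def granted_keywords(peer_ip, creds, user=None, password="", all_untrusted=False):
    """Keywords one FCP connection gets under rules 1-3 of the proposal."""
    if ipaddress.ip_address(peer_ip).is_loopback and not all_untrusted:
        return set(KNOWN_KEYWORDS)  # trusted mode (assumed to grant everything)
    stored = creds.get(user)
    if stored and hmac.compare_digest(stored[0].encode(), password.encode()):
        return set(stored[1])
    return set()  # untrusted and not authenticated

def demo(mode=0o600):
    """Write the constructed sample with the given mode and load it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "fcp-users")  # hypothetical file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return load_credentials(path)

if __name__ == "__main__":
    print(granted_keywords("192.0.2.10", demo(), "alice", "s3cret"))
```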