1-3: great, a clear solution for the points I had!

A GO from me :)

Restricted file system access (by directory) would be nice to have and
imho not too hard to implement. Nice to have because the solutions you
mention for this problem are really not a Windows user's daily job
(even I do what all do: run as Administrator user and freenet +
clients do run under my user as well *g*). Windows XP Home does not
have a user management or file system permissions at all (?)... So
some easy dialog/option to set up a restricted file system access (e.g.
as in the user interface of the FileZilla FTP server) would be great.
I mention the FileZilla user interface because I do not know if you
Unix users know about such dialogs, I assume you edit some obscure
config files with vi or emacs... ;)


On 11/2/06, toad <toad at amphibian.dyndns.org> wrote:
> How about the following?:
>
> 1. Any FCP connection not from localhost is automatically set to
> untrusted mode.
> 2. The user may set a flag indicating that all connections are
> untrusted.
> 3. The user may create one or more username/password pairs for
> authorized access. These are kept in a file readable only by the user
> running the node:
> username:password:keywords
>
> "keywords" contains a list of keywords (config, read-disk, write-disk,
> etc).
>
> I have considered specific limitations on where in the local filesystem
> files can be downloaded to / uploaded from. I'm not convinced that this
> is Freenet's job; if you have untrusted local users (and maybe even if
> you don't), you should run Freenet in a chroot. And if the attacker has
> filesystem access, he can create symlinks etc (which java cannot deal
> with). It is impossible for us to for example fork a subprocess which
> then setuid's to the user in question. So I say we shouldn't get into
> that, since we can't do it well.
>
>
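A sketch of the three rules quoted above, added here as an example and not taken from Freenet's code or from either poster. Assumptions: keywords are comma-separated, only the three keywords the proposal names are accepted, untrusted mode is modelled as an empty keyword set, and an unauthenticated localhost connection keeps every keyword unless the all-untrusted flag is set; all function names are hypothetical.

```python
import hmac
import ipaddress
import os
import stat
import tempfile

KNOWN = {"config", "read-disk", "write-disk"}  # the three keywords the proposal names

def load_credentials(path):
    """Parse username:password:keywords lines from an owner-only file."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: must be accessible only by the node's user")
    table = {}
    with open(path, encoding="utf-8") as fh:
        for n, line in enumerate(fh, 1):
            line = line.strip()
            if not line:
                continue
            user, _, rest = line.partition(":")
            password, sep, words = rest.rpartition(":")  # keeps ':' inside passwords
            granted = {w.strip() for w in words.split(",") if w.strip()}
            if not user or not sep or granted - KNOWN:
                raise ValueError(f"line {n}: malformed entry or unknown keyword")
            table[user] = (password, granted)
    return table

def granted_keywords(peer_ip, all_untrusted, table, user=None, password=""):
    """Keywords a connection may use; an empty set models untrusted mode."""
    if user is not None:  # rule 3: explicit credentials decide
        stored = table.get(user)
        if stored and hmac.compare_digest(stored[0].encode(), password.encode()):
            return set(stored[1])
        return set()  # unknown user or wrong password gets nothing
    if ipaddress.ip_address(peer_ip).is_loopback and not all_untrusted:
        return set(KNOWN)  # assumption: unauthenticated localhost stays trusted
    return set()  # rules 1 and 2: remote peer, or the all-untrusted flag

def write_sample(text):
    """Write constructed sample credentials to an owner-only temp file."""
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    return path

SAMPLE = "alice:s3:cret:config,read-disk\nbob:hunter2:read-disk\n"  # constructed

if __name__ == "__main__":
    creds = load_credentials(write_sample(SAMPLE))
    print(granted_keywords("192.0.2.7", False, creds, "bob", "hunter2"))
    print(granted_keywords("192.0.2.7", False, creds))
```

The permission check relies on POSIX mode bits, so it does not express the "readable only by the user running the node" requirement on Windows.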
