[RFC] Security policy for file handling
From: Sheldon Gill
Subject: [RFC] Security policy for file handling
Date: Tue, 12 Apr 2005 10:09:54 +0800
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)
Currently, there are a number of checks in core which enforce a
particular security policy.
I believe that core should endeavour to respect the security policy of
the system administrator rather than trying to enforce a specific policy
of its own.
I propose that the coding philosophy should be:
*) When creating a file, do so with minimum permissions required
*) When reading a file, open -> read -> close. Handle failure.
Essentially, if a file exists in the file system then core should
respect its permissions.
It should not try to change them.
It should not refuse to work because the permissions differ to an
expected set which is hardcoded.
It should not refuse to work because uid isn't that of file owner.
However, it may be useful for system administrators and packagers to
know more about what permissions should be set. The appropriate place
for this is the documentation. Probably in with file hierarchy and path
handling generally.
It may also be useful to create a "Check permissions" tool.
Regards,
Sheldon
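The two rules proposed above, written out as plain POSIX C. This is an added illustration, not code from the message or from the core library it discusses; the function names create_private_file and read_whole_file, and the /tmp path used in main, are assumptions made for the example. The creating side asks for owner read/write only (the umask can only narrow that further) and refuses to clobber an existing file; the reading side does open, read, close and simply reports failure, without inspecting or adjusting the file's mode or owner first.

```c
/* Added example (not from the original message): the RFC's two rules in
 * POSIX C. create_private_file and read_whole_file are names assumed here. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Rule 1: create a file with the minimum permissions required.
 * O_EXCL refuses to overwrite an existing file; mode 0600 requests
 * owner read/write only, and the process umask can only remove bits.
 * Returns 0 on success, -1 on failure with errno set. */
int create_private_file(const char *path, const char *data, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, data + off, len - off);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            int saved = errno;   /* keep the write error, not close()'s */
            close(fd);
            errno = saved;
            return -1;
        }
        off += (size_t)n;
    }
    return close(fd) < 0 ? -1 : 0;
}

/* Rule 2: open -> read -> close, and handle failure.
 * No stat() of mode or owner beforehand: if the administrator's
 * permissions deny us, open() fails and the caller sees errno (EACCES,
 * ENOENT, ...). Reads up to cap bytes into buf; returns the byte count
 * or -1 on failure. */
ssize_t read_whole_file(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t total = 0;
    while (total < cap) {
        ssize_t n = read(fd, buf + total, cap - total);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        if (n == 0)
            break;                     /* end of file */
        total += (size_t)n;
    }
    close(fd);
    return (ssize_t)total;
}

int main(void)
{
    /* Constructed sample path for the demonstration. */
    const char *path = "/tmp/rfc_minperm_example.txt";
    unlink(path);
    if (create_private_file(path, "secret", 6) != 0) {
        perror("create_private_file");
        return 1;
    }
    char buf[64];
    ssize_t n = read_whole_file(path, buf, sizeof buf);
    if (n < 0) {
        perror("read_whole_file");
        return 1;
    }
    printf("read %zd bytes\n", n);
    unlink(path);
    return 0;
}
```

Note that nothing here calls chmod(), chown() or compares getuid() against the file owner: a file that the administrator has made group-readable stays that way, and a file we cannot read produces an error the caller must handle rather than a refusal based on a hard-coded expectation.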