discuss-gnustep

Re: Base enforcing permissions policy on Config file


From: Andrew Ruder
Subject: Re: Base enforcing permissions policy on Config file
Date: Fri, 24 Feb 2006 15:11:35 -0600
User-agent: Mutt/1.5.9i

On Thu, Feb 23, 2006 at 10:29:15AM +0000, Richard Frith-Macdonald wrote:
> I'm not sure what 'this' is ... I would like the library to check
> that the config files setting its paths are protected so that only the
> current user and/or system manager(s) as appropriate can modify them,
> so that a cracker cannot use them to get you to execute trojans. I
> hope we are both still talking about the same thing. If you have
> positive suggestions of other things we can do to improve security,
> please let us know.

As the maintainer of trustees (http://trustees.sourceforge.net) I feel I
have to chime in here.  I think the biggest problem with all the
additional checks is that it becomes a maintenance nightmare.  So you've
checked POSIX permissions, does the code check for POSIX ACLs (as far as
I can tell it does not, but I haven't had the opportunity to test yet)?
What about alternate permission schemes (trustees)?  What about the
next/greatest permissions system?  What if Windows adds some new
mechanism?  Network file systems where the permissions may not be
visible from the client side?  It's just, at best it seems like you can
only get a false sense of security; do the benefits really outweigh the
costs in complexity in the code?

- Andy


-- 
Andrew Ruder
http://www.aeruder.net
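
For reference, a minimal owner-and-mode-bits check of the kind under discussion, as an added example that is not code from GNUstep base or from anyone in this thread. The function names and the policy (regular file, owned by the current user or root, no group or other write bit) are assumptions; it consults only st_uid and st_mode and makes no attempt to query the other mechanisms the message lists (POSIX ACLs, trustees, server-side permissions on network file systems).

```c
#include <stdbool.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy: a regular file owned by `user` or root, with no
 * group/other write bit. Only st_uid and st_mode are consulted. */
static bool mode_bits_protect(const struct stat *st, uid_t user)
{
    if (!S_ISREG(st->st_mode))
        return false;                       /* FIFO, device, directory... */
    if (st->st_uid != user && st->st_uid != 0)
        return false;                       /* someone else owns the file */
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return false;                       /* group or world writable */
    return true;
}

/* Check the descriptor that will actually be read, not the path, so the
 * file cannot be swapped between the check and the read. */
bool config_fd_is_protected(int fd, uid_t user)
{
    struct stat st;

    if (fstat(fd, &st) != 0)
        return false;                       /* fail closed */
    return mode_bits_protect(&st, user);
}

/* Constructed demo: create a temporary file, force the given mode onto
 * it, and report the verdict (1 accepted, 0 rejected, -1 setup error). */
int demo_check_with_mode(mode_t mode)
{
    char path[] = "/tmp/gs_conf_demo_XXXXXX";
    int fd = mkstemp(path);
    int result = -1;

    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) == 0)
        result = config_fd_is_protected(fd, geteuid()) ? 1 : 0;
    close(fd);
    unlink(path);
    return result;
}
```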



