discuss-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNUstep introduces a serious security problem


From: Gregory John Casamento
Subject: Re: GNUstep introduces a serious security problem
Date: Tue, 17 Mar 2009 15:18:55 -0700 (PDT)

Hi Torli,

If this is the case, then could you please write a bug at bugs.gnustep.org and provide your test program both here on the mailing list and on the bug system.

I'm not sure I understand how we can ignore UNIX system file permissions when we use the standard UNIX system calls in order to read and write files.

I am very interested in seeing your code.

Thanks, GC
Gregory Casamento -- Principal Consultant - OLC, Inc
# GNUstep Chief Maintainer

--- On Tue, 3/17/09, Torli Birnbauer <gootobi@gmail.com> wrote:
From: Torli Birnbauer <gootobi@gmail.com>
Subject: GNUstep introduces a serious security problem
To: discuss-gnustep@gnu.org
Date: Tuesday, March 17, 2009, 5:18 PM

I have just started to learn the GNUstep's development environment and I have in my very first program stumbled across a serious security problem in the way Objective-C handles IO. Obviously, Objective-C does not honour Unix file permissions. You can reproduce this problem on Unix/Linux systems by setting {{ chmod 000 /some/dir/your.data }}, and then run the example program in the GNUstep documentation page (Base Programming Manual/The Objective-C Language) under "2.8.5 Loading and Saving Strings" by setting the path to {{ /some/dir/your.data }}.

Torli
_______________________________________________
Discuss-gnustep mailing list
Discuss-gnustep@gnu.org
http://lists.gnu.org/mailman/listinfo/discuss-gnustep


reply via email to

[Prev in Thread] Current Thread [Next in Thread]