|
From: | Richard Frith-Macdonald |
Subject: | Re: GNUstep introduces a serious security problem |
Date: | Tue, 17 Mar 2009 22:23:08 +0000 |
On 17 Mar 2009, at 21:18, Torli Birnbauer wrote:
I have just started to learn the GNUstep's development environment and I have in my very first program stumbled across a serious security problem in the way Objective-C handles IO. Obviously, Objective-C does not honour Unix file permissions. You can reproduce this problem on Unix/Linux systems by setting {{ chmod 000 /some/dir/ your.data }}, and then run the example program in the GNUstep documentation page (Base Programming Manual/The Objective-C Language) under "2.8.5 Loading and Saving Strings" by setting the path to {{ /some/dir/your.data }}.
I think you need to explain what you mean ... obviously it's impossible for objective-c not to honor unix file permissions (since those permissions are enforced by the operating system and haver nothing to do with objective-c, and any case where they fail to work would therefore be an operating system security bug, not an objective- c one) so you must mean something other than the obvious literal interpretation of your words, but I don't know what. Perhaps your could provide the code you used, a description of the observed behavior, and an explanation of why you think that behavior is wrong?
[Prev in Thread] | Current Thread | [Next in Thread] |