discuss-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove GSAppKitUserBundles


From: Matt Campbell
Subject: Re: Remove GSAppKitUserBundles
Date: Thu, 17 Mar 2011 10:39:24 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

Nicola's proposal makes sense to me.

Matt

On 3/17/2011 10:34 AM, Nicola Pero wrote:

I don't understand why such a bundle-loading mechanism is considered a
security hole.

There are no "security holes" if the application is not setuid/setgid.  In that 
case,
a user can change his own user defaults to affect what bundles are loaded in 
applications.

That is no different than changing the PATH or the LD_LIBRARY_PATH (or 
installing programs
or libraries into the GNUstep user domain, or even just plainly editing 
~/.bash_profile
to start up programs) to cause custom code to be executed either when a 
specific program
is invoked, or when all programs are invoked, or when the user log in or in 
other situations. ;-)

But, if the application is setuid/setgid, then there is reason to fear that 
being able to
load custom bundles may be exploited to escalate user privileges.  How the 
loading is done
would need to be audited.  setuid/setgid executables are normally locked down 
to prevent
this kind of things; even if there is no exploit right now, it may slip in 
later on!

A simple idea would be to have gnustep-gui load all bundles from a predefined 
directory in the
System (and Local) domains (but not from the User domain).  Then, you'd have to 
install a bundle
to have it loaded in all your applications.  This removes the ability of each 
user to load his
own bundles (or indeed to control the bundles being loaded) but on the other 
hand, it makes it
reasonably safe and simple. :-)

Thanks








reply via email to

[Prev in Thread] Current Thread [Next in Thread]