Re: User defaults database permissions
From: Sheldon Gill
Subject: Re: User defaults database permissions
Date: Wed, 21 Jan 2004 10:01:38 +0800
User-agent: KMail/1.5.93

> I think you are correct that the code should not be changing the
> protection on the database.

It's nice to be right once in a while.

> What it *should* be doing is ensuring that nobody other than the owner
> and root have write permission to the database or to any directory
> above it.

Why *should* it?

The position I take is that security policy is for the system administrator
and the platform. It shouldn't be the responsibility of gnustep-core to try
to either create policy or enforce that.

Trying to enforce security policy, from my perspective, only has drawbacks:

1) It makes the code longer and more complicated. Something to avoid.
2) Currently the policy is hard coded so totally inflexible.
3) Changing (2) gives us more (1)
4) It doesn't provide any real benefit for the system.
5) As a general rule, getting security enforcement right is a lot of work.

In this specific case, the defaults database is created 0600. Nice and
reasonable. That's only going to change if someone *with permission* changes
it. If they do that, I think it's reasonable to assume that they know what
they're doing or at least should do.

Trying to enforce owner and root is going to be problematic IMHO. If you are
to change things along those lines:

* What do you do when you detect someone other than root or owner has write
  perms?
* Windows has no 'root'. What are you going to do for that platform?
* How will you deal with ACL support?

Regards,
Sheldon
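
The check proposed in the quoted text (no write access for anyone but the owner and root, on the database and every directory above it), sketched as an added example that is not part of the original message and not GNUstep code. It assumes a POSIX system, looks only at mode bits so ACLs are not seen, and reports rather than changes anything; the function names are hypothetical.

```c
/* Added example: not GNUstep code. Function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the mode bits let anyone other than `owner` or root (uid 0)
 * write. Only POSIX mode bits are examined; ACL entries are invisible here. */
int mode_is_loose(const struct stat *st, uid_t owner)
{
    if (st->st_uid != owner && st->st_uid != 0)
        return 1;                              /* owned by a third party */
    return (st->st_mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Checks `path` and every directory above it, reporting each loose component
 * on stderr without changing anything. Assumes an absolute, canonical path
 * (e.g. from realpath()). Returns the loose count, or -1 on error. */
int audit_path(const char *path, uid_t owner)
{
    char buf[4096];
    struct stat st;
    int loose = 0;

    if (strlen(path) >= sizeof buf)
        return -1;
    strcpy(buf, path);
    for (;;) {
        if (stat(buf, &st) != 0)
            return -1;
        if (mode_is_loose(&st, owner)) {
            fprintf(stderr, "loose: %s (uid %ld, mode %04o)\n", buf,
                    (long)st.st_uid, (unsigned)(st.st_mode & 07777));
            loose++;
        }
        char *slash = strrchr(buf, '/');
        if (slash == NULL || strcmp(buf, "/") == 0)
            break;                             /* reached the top */
        if (slash == buf)
            buf[1] = '\0';                     /* parent is "/" */
        else
            *slash = '\0';
    }
    return loose;
}

int main(int argc, char **argv)
{
    return argc == 2 ? audit_path(argv[1], geteuid()) != 0 : 2;
}
```

A world-writable ancestor such as a shared temporary directory is counted as loose by this check, which is one instance of the "what do you do when you detect it" question raised above.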