[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-users] Re: Connections [Is it hiding a security hole?]
From: |
Per Hedeland |
Subject: |
Re: [Pan-users] Re: Connections [Is it hiding a security hole?] |
Date: |
Sun, 17 Aug 2008 01:53:55 +0200 (CEST) |
"Timothy J. Hamilton" <address@hidden> wrote:
>
>It would seem that somewhere Pan is not respecting *nix file ownership
>settings
>and permissions at least when it comes to servers.xml.
>
>That would suggest a security hole, even if a small one. It is my end-user
>non-programmer understanding that the foundation of *nix security was strict
>enforcement of file permissions and ownerships. If Pan starts as a
>user-process
>it should not be able to manipulate/delete/change files owned by root unless
>the user-process is run with special privilege(s) using sudo, kdesu, or
>similar.
If Pan really could "not respect" file permissions on your system, it
would be a security hole in your kernel, not in Pan, so not much point
in discussing it here...:-) However I'm pretty sure that you don't have
such a security hole - rather you're missing the fact that to delete a
file, you don't need any permissions for the file itself, only write
permission for the directory it's in. This is quite logical, since
deletion doesn't modify the file but the directory (and there aren't any
"delete permissions", only write).
And of course Pan doesn't delete (and re-create) the file out of an evil
desire to circumvent the lack of write permissions on the file, it's
pretty much standard procedure when you update config files and the like
programatically. I.e. you create a *new* file (say servers.xml.tmp),
write the data to that, and then 'mv' (or rather rename()) it over the
old one. This has several advantages, notably that you don't end up with
a mess if the writing fails for some reason, and that the change is
atomic, i.e. there is never a file which is half-old and half-new.
--Per Hedeland
[Pan-users] Re: Connections [Is it hiding a security hole?], Duncan, 2008/08/16