Re: Followup: opinions on Search services


On Tue, 2005-05-10 at 16:56 -0500, Manuel Amador wrote:
> You could also have a multiple-responsibility model: an indexer running
> as root (which is the only part in the model that would be vulnerable,
> and thus SS chose a managed language to write this in), a search daemon
> which downgrades its security credentials upon search.  Postfix
> successfully uses this model.

I was referring more to the problems Medusa had back in 2000 or 2001, in
which it would reveal files to users that they shouldn't be able to see.
Also the bodies of those files are indexed and the user is searching
against the index, matching files they shouldn't otherwise be able to


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]