Re: Followup: opinions on Search services

From: Manuel Amador <rudd-o amautacorp com>
To: Peter Wainwright <prw ceiriog1 demon co uk>
Cc: gnome-devel-list gnome org
Subject: Re: Followup: opinions on Search services
Date: Tue, 17 May 2005 12:25:37 -0500

El jue, 12-05-2005 a las 18:46 +0100, Peter Wainwright escribió:

> 
> I don't see how you can run a per-user daemon without causing huge
> wastage on a multi-user system.  How does slocate do it? a system-wide
> search that inserts security permissions in a database and then
> respects 

Without seeing the code, I feel like it uses access(1) to determine
whether the user can access the file in the results.  That's why it runs
setuid.

> them when responding to queries?  That is probably the way to go, even 
> if it is difficult to get right.  You will probably need some separation
> of permissions in the setgid (or setuid) client part to keep the 
> dangerous stuff simple.
> 
> Peter Wainwright
> 
> > 
> > But, you know, you could fork and setuid()/setgid() to the calling user
> > right before performing searches or other user-requested actions.
> > 
> > > 
> > > That said, there is a lot to be gained by having a shared store for a
> > > lot of interesting, publicly available system-wide data.  Things like
> > > launchers, man pages, etc. are definitely useful to the user.  Right now
> > > we're indexing those for each user, but this is obviously suboptimal.
> > > We don't have a concrete plan for this right now, but there are a few
> > > options: we could have an instance of the daemon running as user nobody
> > > which monitors some interesting directories (like the man paths); we
> > > could have a shared read-only index crawler ala updatedb run once a day
> > > or so.  But it's not something we've sat down and prototyped or
> > > investigated in depth yet.
> > 
> > You could also have a multiple-responsibility model: an indexer running
> > as root (which is the only part in the model that would be vulnerable,
> > and thus SS chose a managed language to write this in), a search daemon
> > which downgrades its security credentials upon search.  Postfix
> > successfully uses this model.
> > 
> > > 
> > > Joe
-- 
Manuel Amador <rudd-o amautacorp com>
Amauta

References:
- Re: Followup: opinions on Search services
  - From: Manuel Amador
- Re: Followup: opinions on Search services
  - From: Peter Wainwright

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]