Re: Followup: opinions on Search services

From: Manuel Amador <rudd-o amautacorp com>
To: "John (J5) Palmieri" <johnp martianrock com>
Cc: gnome-devel-list gnome org, Peter Wainwright <prw ceiriog1 demon co uk>
Subject: Re: Followup: opinions on Search services
Date: Tue, 17 May 2005 12:28:50 -0500

El jue, 12-05-2005 a las 14:11 -0400, John (J5) Palmieri escribió:

> 
> A tool like this should not be a trusted component of the system.  We
> have a very small amount of utilities that are trusted enough to enforce
> their own permissions (mount for instance).  Having a search tool be a
> trusted component of the system is wrong.  Let's not trade security for
> resource conservation.

The indexer is the trusted component, and thus it is written in a
managed language to minimize the chance for exploits (that's why a tooll
like Medusa could never ever be trusted).  The search component is not.
I have been planning to drop root creds as soon as a search is received,
but haven't found a way to do so cleanly, and moreover the project is on
the back burner due to my job =(.

> 
-- 
Manuel Amador <rudd-o amautacorp com>
Amauta

Follow-Ups:
- Re: Followup: opinions on Search services
  - From: Behdad Esfahbod

References:
- Re: Followup: opinions on Search services
  - From: Manuel Amador
- Re: Followup: opinions on Search services
  - From: Peter Wainwright
- Re: Followup: opinions on Search services
  - From: John (J5) Palmieri

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]