Re: Followup: opinions on Search services

From: Behdad Esfahbod <behdad cs toronto edu>
To: Manuel Amador <rudd-o amautacorp com>
Cc: gnome-devel-list gnome org
Subject: Re: Followup: opinions on Search services
Date: Tue, 17 May 2005 15:31:58 -0400 (EDT)

On Tue, 17 May 2005, Manuel Amador wrote:

>
> El jue, 12-05-2005 a las 14:11 -0400, John (J5) Palmieri escribió:
>
> >
> > A tool like this should not be a trusted component of the system.  We
> > have a very small amount of utilities that are trusted enough to enforce
> > their own permissions (mount for instance).  Having a search tool be a
> > trusted component of the system is wrong.  Let's not trade security for
> > resource conservation.
>
> The indexer is the trusted component, and thus it is written in a
> managed language to minimize the chance for exploits (that's why a tooll
> like Medusa could never ever be trusted).  The search component is not.
> I have been planning to drop root creds as soon as a search is received,
> but haven't found a way to do so cleanly, and moreover the project is on
> the back burner due to my job =(.

The search tool still has access to the complete index right?  So
it can give you information about other users' files too.  If
not, it means that you create a shared index and one per-user
index, then you can easily do the same thing without ever needing
root.

--behdad
http://behdad.org/

Follow-Ups:
- Re: Followup: opinions on Search services
  - From: Joe Shaw
- Re: Followup: opinions on Search services
  - From: Manuel Amador

References:
- Re: Followup: opinions on Search services
  - From: Manuel Amador
- Re: Followup: opinions on Search services
  - From: Peter Wainwright
- Re: Followup: opinions on Search services
  - From: John (J5) Palmieri
- Re: Followup: opinions on Search services
  - From: Manuel Amador

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]