Re: Followup: opinions on Search services
- From: Behdad Esfahbod <behdad cs toronto edu>
- To: Manuel Amador <rudd-o amautacorp com>
- Cc: gnome-devel-list gnome org
- Subject: Re: Followup: opinions on Search services
- Date: Tue, 17 May 2005 15:31:58 -0400 (EDT)
On Tue, 17 May 2005, Manuel Amador wrote:
>
> El jue, 12-05-2005 a las 14:11 -0400, John (J5) Palmieri escribió:
>
> >
> > A tool like this should not be a trusted component of the system. We
> > have a very small amount of utilities that are trusted enough to enforce
> > their own permissions (mount for instance). Having a search tool be a
> > trusted component of the system is wrong. Let's not trade security for
> > resource conservation.
>
> The indexer is the trusted component, and thus it is written in a
> managed language to minimize the chance for exploits (that's why a tooll
> like Medusa could never ever be trusted). The search component is not.
> I have been planning to drop root creds as soon as a search is received,
> but haven't found a way to do so cleanly, and moreover the project is on
> the back burner due to my job =(.
The search tool still has access to the complete index right? So
it can give you information about other users' files too. If
not, it means that you create a shared index and one per-user
index, then you can easily do the same thing without ever needing
root.
--behdad
http://behdad.org/
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]