Re: Followup: opinions on Search services



On Tue, 17 May 2005, Manuel Amador wrote:

>
> El jue, 12-05-2005 a las 14:11 -0400, John (J5) Palmieri escribió:
>
> >
> > A tool like this should not be a trusted component of the system.  We
> > have a very small amount of utilities that are trusted enough to enforce
> > their own permissions (mount for instance).  Having a search tool be a
> > trusted component of the system is wrong.  Let's not trade security for
> > resource conservation.
>
> The indexer is the trusted component, and thus it is written in a
> managed language to minimize the chance for exploits (that's why a tool
> like Medusa could never ever be trusted).  The search component is not.
> I have been planning to drop root creds as soon as a search is received,
> but haven't found a way to do so cleanly, and moreover the project is on
> the back burner due to my job =(.

The search tool still has access to the complete index, right?  So
it can give you information about other users' files too.  If
not, it means that you create a shared index and one per-user
index, then you can easily do the same thing without ever needing
root.

--behdad
http://behdad.org/


