Re: Thankyou.

[Seth Nickell <snickell stanford edu>]

On Mon, 2002-08-19 at 03:32, Michael Meeks wrote:
> 
> On Mon, 2002-08-19 at 03:36, Seth Nickell wrote:
> > > 	The acute security issues have been solved then ?
> > > 
> > > 	Until then, it goes no-where near nautilus.
> > 
> > Remind me which acute security issues you are referring to?
> 
> 	I believe (but am in no way certain) that the reason Medusa was not
> shipped (by Ximian (and others)) was that it compromised security;
> whether by storing world readable archives - or by breaking unix
> permissions / groups or whatever - I know not.
> 
> 	Presumably that is fixable, has it been fixed ?

Hi Michael,

Medusa was originally not included in GNOME 1.4 because it was leaking
file descriptors like mad. At the same time it was observed that the
technique that Medusa was using to allow users to enable or disable
global indexing could be a security hole (it was using /com which
contains truly shared read-write data between users). This has since
been rectified by removing that feature from medusa (now only the
sysadmin can turn indexing on or off). 

Medusa stores its indexing database as root only and all access is done
through a search daemon (which verifies the connecting process' UID etc,
and will only pass back information about files that the user would be
authorized to view). I would suggest we disable text indexing which is
currently still rather slow, and poses the greatest possible security
risk even supposing somebody did manage to trick medusa-searchd or get
access to the index file. Without text indexing the information
protected by medusa is relatively benign even assuming somebody could
bypass Medusa's security. With text indexing, if Medusa's were tricked
it could return information from /etc/shadow or whatever. In any case,
this would be a precautionary measure since theoretically medusa is
secure in this area.

-Seth