Re: Thankyou.

From: snickell stanford edu
To: Abe Fettig <abe fettig net>
Cc: Seth Nickell <snickell stanford edu>, Michael Meeks <michael ximian com>, bordoley msu edu, Johnathan Bailes <johnathan bailes esi baesystems com>, Damien Covey <djcovey softhome net>, nautilus-list <nautilus-list gnome org>
Subject: Re: Thankyou.
Date: Tue, 20 Aug 2002 10:30:06 -0700

AFAIK locate can't search based on attributes like file type (probably
will end up being one of the most useful searches of all, particularly
with "vfolder" capabilitiy), dates, size, etc. Additionally, I would
hope that text indexing (and other content type indexing when medusa is
more pluggable) would eventually be enabled. We just need to consider
its security implications more carefully, and probably do something like
disable text indexing for files that are readable only by root to avoid
any possible uses in total system compromise if medusa is somehow
compromised.

-Seth

Quoting Abe Fettig <abe fettig net>:

> If medusa isn't going to do text indexing, is there really a need for
> it
> at all?  Couldn't nautilus just use locate/find like the current
> Gnome
> search tool does?
> 
> Abe
> 
> On Mon, 2002-08-19 at 22:20, Seth Nickell wrote:
> > On Mon, 2002-08-19 at 03:32, Michael Meeks wrote:
> > > 
> > > On Mon, 2002-08-19 at 03:36, Seth Nickell wrote:
> > > > > 	The acute security issues have been solved then ?
> > > > > 
> > > > > 	Until then, it goes no-where near nautilus.
> > > > 
> > > > Remind me which acute security issues you are referring to?
> > > 
> > > 	I believe (but am in no way certain) that the reason Medusa was
> not
> > > shipped (by Ximian (and others)) was that it compromised
> security;
> > > whether by storing world readable archives - or by breaking unix
> > > permissions / groups or whatever - I know not.
> > > 
> > > 	Presumably that is fixable, has it been fixed ?
> > 
> > Hi Michael,
> > 
> > Medusa was originally not included in GNOME 1.4 because it was
> leaking
> > file descriptors like mad. At the same time it was observed that
> the
> > technique that Medusa was using to allow users to enable or
> disable
> > global indexing could be a security hole (it was using /com which
> > contains truly shared read-write data between users). This has
> since
> > been rectified by removing that feature from medusa (now only the
> > sysadmin can turn indexing on or off). 
> > 
> > Medusa stores its indexing database as root only and all access is
> done
> > through a search daemon (which verifies the connecting process' UID
> etc,
> > and will only pass back information about files that the user would
> be
> > authorized to view). I would suggest we disable text indexing which
> is
> > currently still rather slow, and poses the greatest possible
> security
> > risk even supposing somebody did manage to trick medusa-searchd or
> get
> > access to the index file. Without text indexing the information
> > protected by medusa is relatively benign even assuming somebody
> could
> > bypass Medusa's security. With text indexing, if Medusa's were
> tricked
> > it could return information from /etc/shadow or whatever. In any
> case,
> > this would be a precautionary measure since theoretically medusa
> is
> > secure in this area.
> > 
> > -Seth
> > 
> > -- 
> > nautilus-list mailing list
> > nautilus-list gnome org
> > http://mail.gnome.org/mailman/listinfo/nautilus-list
> 
> 
> -- 
> nautilus-list mailing list
> nautilus-list gnome org
> http://mail.gnome.org/mailman/listinfo/nautilus-list
>

References:
- Re: Thankyou.
  - From: bordoley
- Re: Thankyou.
  - From: Michael Meeks
- Re: Thankyou.
  - From: Seth Nickell
- Re: Thankyou.
  - From: Michael Meeks
- Re: Thankyou.
  - From: Seth Nickell
- Re: Thankyou.
  - From: Abe Fettig

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]