[DGD] Inherit/include
Shevek
shevek at btinternet.com
Sun Feb 10 01:10:00 CET 2002
> > From what I see using status in the kernel lib the owner of a file gets
> > set to wherever it is compiled from it just doesn't seem to change a great
> > deal of anything. There isn't anything insecure about letting a file take
> > the access of the user who compiles it, so long as the user doesn't go
> > around compiling code they haven't checked.
>
>Foo examines a bit of code and finds it to be secure; Foo has gotten
>into the habit of checking every bit of his own code just before he
>compiles it, because there are others who have write access to his code.
>Foo is very security-conscious, and to make extra sure, he checks it
>three more times. However, just before Foo actually compiles the code,
>Bar replaces it with a version of his own. Bingo, a security leak.
There are a huge number of ways to prevent that scenario, a file alteration
locking flag is the most obvious that springs to mind.
I just wanted some clarification on what seemed odd behaviour. Now I know
what's actually going on I can see it does match what's outlined in section
4 of the kernel lib overview (Maybe a good example of reading the docs more
closely). Guess it just means being a bit more careful about where to
inherit from.
Cheers,
Shevek
_________________________________________________________________
List config page: http://list.imaginary.com/mailman/listinfo/dgd
More information about the DGD
mailing list