[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New method to load user bundles
From: |
Tobias |
Subject: |
Re: New method to load user bundles |
Date: |
Mon, 2 Jun 2003 22:54:03 +0200 |
User-agent: |
KMail/1.5.1 |
jeff wrote:
> This isn't security-related attention.
>
> Everybody knows that if you load bundles, you are giving away the keys to
> the castle -- that's why you don't load them in certain apps, and would
> have to be a damn fool to do so.
but you dont have any keys anymore. just because we allow LD_PRELOAD and
LD_LIBRARY_PATH.
you can replace your whole everything with those environment variables.
LD_* is even more powerful, because it is enabled on ALL (non suid) tools/apps
you open. is this a major security hole?
i think not.
> This takes that decision away from authors. With GSAppKitUserBundles, you
> have no choice.
which you don't have anyway... (i assume, you dont want to statically link
your app)
> You have no way to "secure" any application from
> modification, because the user can rewrite your application. No copy
> protection, because it can be bypassed with bundles. It effectively
> eliminates the possibility for closed-source GNUstep desktop software to
> exist.
why?, just because you can easily reverse-engineer?
you can do this w/o bundles with the same ease. so where is the problem?
> But hey, if you want that, go ahead. I thought some of you wanted more
> support, though.
we all may have different ideas about themes (i don't like them), but there
are people, that want eye-candy, so it is unwise to lost those users.
a different group as you meant, but equally (if not more) important than
commercial software vendors.
this is not meant to be offensive. these are important details.
too important to ignore. for special purpose computers (say in an internet
cafe) there is the need to disable LD_* and automatic bundle loading.
so a compile time flag should be enough.
~ibotty
- Re: New method to load user bundles, Jeff Teunissen, 2003/06/02
- Re: New method to load user bundles,
Tobias <=
- Re: New method to load user bundles, Jeff Teunissen, 2003/06/03
- Re: New method to load user bundles, Alexander Malmberg, 2003/06/03
- Re: New method to load user bundles, Chris Beaham, 2003/06/05
- Re: New method to load user bundles, Richard Frith-Macdonald, 2003/06/05
- Re: New method to load user bundles, Chris Beaham, 2003/06/05
- Re: New method to load user bundles, David Ayers, 2003/06/05
- Re: New method to load user bundles, Richard Frith-Macdonald, 2003/06/05
- Re: New method to load user bundles, David Ayers, 2003/06/05
Re: New method to load user bundles, Nicolas Roard, 2003/06/02