discuss-gnustep

Re: New method to load user bundles


From: Chris Beaham
Subject: Re: New method to load user bundles
Date: Thu, 5 Jun 2003 11:27:01 +0200

Good points!

On Thursday, June 5, 2003, at 10:52, Richard Frith-Macdonald wrote:

> I've been quietly observing this thread, and it seems to me that the concern about the security of loading bundles is a valid point, and the answer that any bundles have been installed by the user is only partially valid.

> 1. The user doesn't know what bundles they have installed as part of third party apps.

I believe that this should be possible; it is, however, dependent upon the installation method. Maybe a standard GNUstep "Install" utility could provide the information, much like was available in NeXTstep and OPENSTEP. There it was possible to list out all of the package contents without performing the installation itself. This was a good feature and I used it on many different occasions. It also helped determine what to back up before the installation so that an entire system backup wasn't needed every time. I apologize if these ideas have already been discussed to death, but it seems like a logical idea.

> 2. The user may pick up bundles installed by another user on their machine.

I can fully agree with this; in my comments I was not particularly thinking of a multi-user system where the root user and the normal user are sharing the same bundle. I was thinking more of the individual that has a private system and installs everything himself. I stand corrected. Thank you!


> On the other hand, simply disabling bundle loading is not an acceptable solution.

Agreed


> IMO what we would ideally have is -
>
> First, some mechanism to tell whether a bundle might have been provided or tampered with by another user. So for bundles in the user domain, we should probably check that the bundle is owned by the user and that it (and its parent directories) are not modifiable by any other user.
> For bundles in other areas, we should perform a similar check, but accept bundles owned by root.

Let's also not forget about the possibility of using the "group" attribute (system dependent!?) when assigning file permissions. Why not create a "gnustep" group or something similar?


> Secondly, we might want to provide facility to keep track of changes to bundles (e.g. store the bundle location and an md5 digest of it in the defaults system) and provide a callback facility (with a standard panel built into the gui) to alert the user about changes to bundles that are about to be loaded, and let them accept/refuse the load.


good idea
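
The ownership and permission check proposed in the quoted text, as an added example that is not part of the original message and not GNUstep code. The names `component_ok` and `bundle_path_trusted` are hypothetical, and stopping the upward walk at a caller-supplied `top` directory (for instance the root of the user's GNUstep domain) is an assumption; the `allow_root` flag models the "accept bundles owned by root" case for bundles outside the user domain.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* A component passes if it is a plain file or directory, owned by `user`
 * (or by root when allow_root is set), with no group/other write bit. */
static int component_ok(const char *p, uid_t user, int allow_root)
{
    struct stat st;
    if (lstat(p, &st) != 0)
        return 0;                      /* missing or unreadable: refuse */
    if (!S_ISDIR(st.st_mode) && !S_ISREG(st.st_mode))
        return 0;                      /* symlink or special file: refuse */
    if (st.st_uid != user && !(allow_root && st.st_uid == 0))
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical helper. Returns 1 if `bundle` and each directory above it,
 * up to and including `top`, passes component_ok(). Assumes absolute,
 * already-canonical paths and a `top` without a trailing slash. */
int bundle_path_trusted(const char *bundle, const char *top,
                        uid_t user, int allow_root)
{
    char buf[PATH_MAX];
    size_t toplen = strlen(top);

    if (strlen(bundle) >= sizeof buf || strncmp(bundle, top, toplen) != 0
        || (bundle[toplen] != '/' && bundle[toplen] != '\0'))
        return 0;                      /* bundle is not below top */
    snprintf(buf, sizeof buf, "%s", bundle);
    for (;;) {
        if (!component_ok(buf, user, allow_root))
            return 0;
        if (strlen(buf) <= toplen)
            return 1;                  /* reached top; everything passed */
        *strrchr(buf, '/') = '\0';     /* step up to the parent */
    }
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return 2;
    return !bundle_path_trusted(argv[1], argv[2], getuid(), 0);
}
```

Run as `prog <bundle> <top>`; exit status 0 means every component passed. Group-writable components are refused here, so a shared "gnustep" group as suggested in the reply would need that test relaxed for that one group.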




