
[RFC] Security policy for file handling

From: Sheldon Gill
Subject: [RFC] Security policy for file handling
Date: Tue, 12 Apr 2005 10:09:54 +0800
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Currently, there are a number of checks in core which enforce a particular security policy.

I believe that core should endeavour to respect the security policy of the system administrator rather than trying to enforce a specific policy of its own.

I propose that the coding philosophy should be:
  *) When creating a file, do so with minimum permissions required
  *) When reading a file, open -> read -> close. Handle failure.

Essentially, if a file exists in the file system then core should respect its permissions.
It should not try to change them.
It should not refuse to work because the permissions differ from an expected set which is hardcoded.
It should not refuse to work because the uid isn't that of the file owner.

However, it may be useful for system administrators and packagers to know more about what permissions should be set. The appropriate place for this is the documentation. Probably in with file hierarchy and path handling generally.

It may also be useful to create a "Check permissions" tool.


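The coding philosophy proposed in the message above, written out as an added example in POSIX C. This is an editor-added illustration, not code from the message or from the project it addresses. The function names create_private_file, read_whole_file, surplus_permissions and demo_run are chosen here; 0600 stands in for whatever "minimum permissions" the documentation would recommend for a private file; the scratch directory under /tmp and the sample file content are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int fail_close(int fd, int err)     /* close, then fail with err */
{
    close(fd);
    errno = err;
    return -1;
}

/* Create a new file with the least permission the writer needs (0600, an
 * assumed recommendation).  The umask may narrow that further; it is the
 * administrator's policy and is left alone (no chmod()).  O_EXCL makes an
 * existing path or planted symlink an error, not something to clobber.
 * Returns 0, or -1 with errno set. */
int create_private_file(const char *path, const char *data, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    for (size_t off = 0; off < len; ) {
        ssize_t n = write(fd, data + off, len - off);
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n < 0) {
            int err = errno;
            unlink(path);                  /* do not leave a partial file */
            return fail_close(fd, err);
        }
        off += (size_t)n;
    }
    return close(fd);
}

/* open -> read -> close, handle failure.  No stat(), no uid or mode check
 * against a hard-coded expectation: if the kernel grants access the file is
 * read, otherwise the error goes back to the caller.
 * Returns bytes read, or -1 with errno set (EFBIG if buf is too small). */
ssize_t read_whole_file(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t total = 0;
    for (;;) {
        char probe;                        /* 1-byte read past cap detects overflow */
        ssize_t n = total < cap ? read(fd, buf + total, cap - total)
                                : read(fd, &probe, 1);
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n < 0)
            return fail_close(fd, errno);
        if (n == 0)
            break;                         /* EOF */
        if (total >= cap)
            return fail_close(fd, EFBIG);  /* data beyond the buffer */
        total += (size_t)n;
    }
    close(fd);
    return (ssize_t)total;
}

/* Building block for a "check permissions" tool: report mode bits beyond the
 * documented recommendation; change nothing, refuse nothing.
 * Returns the surplus bits (0 = as recommended) or (mode_t)-1 on error. */
mode_t surplus_permissions(const char *path, mode_t recommended)
{
    struct stat st;
    if (stat(path, &st) < 0)
        return (mode_t)-1;
    return (st.st_mode & 0777) & ~recommended;
}

/* Round trip in a scratch directory: 0 on success, else the failing step. */
int demo_run(void)
{
    char dir[64], path[96], buf[64];
    const char sample[] = "key = value\n";  /* constructed sample content */
    size_t len = sizeof sample - 1;
    snprintf(dir, sizeof dir, "/tmp/filepolicy_%ld", (long)getpid());
    if (mkdir(dir, S_IRWXU) < 0)
        return 1;
    snprintf(path, sizeof path, "%s/settings", dir);
    int rc = 0;
    if (create_private_file(path, sample, len) < 0)
        rc = 2;
    else if (create_private_file(path, sample, len) == 0 || errno != EEXIST)
        rc = 3;                            /* second create must not clobber */
    else if (read_whole_file(path, buf, sizeof buf) != (ssize_t)len
             || memcmp(buf, sample, len) != 0)
        rc = 4;
    else if (surplus_permissions(path, S_IRUSR | S_IWUSR) != 0)
        rc = 5;                            /* nothing beyond 0600 was granted */
    else if (read_whole_file(path, buf, 4) != -1 || errno != EFBIG)
        rc = 6;                            /* oversized input: error, not overflow */
    else if (read_whole_file("/nonexistent/settings", buf, 8) != -1 || errno != ENOENT)
        rc = 7;                            /* missing file: failure is reported */
    unlink(path);
    rmdir(dir);
    return rc;
}
```

Two details carry the policy. The create path passes 0600 with O_EXCL and never calls chmod() or fchmod(), so whatever the umask or an existing file's mode says stands, and an attacker-planted file or symlink at that path is reported as EEXIST rather than overwritten or followed. The read path never inspects st_uid or st_mode; it opens, reads, closes, and hands back errno (ENOENT, EACCES, EFBIG) for the caller to handle. surplus_permissions is the piece a separate "check permissions" tool would build on: it reports what exceeds the documented recommendation and leaves the decision to the administrator, so a deliberately different local policy produces a warning rather than software that refuses to run.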