Re: Creating NSImage in a tool

discuss-gnustep

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Creating NSImage in a tool

From:	Richard Frith-Macdonald
Subject:	Re: Creating NSImage in a tool
Date:	Thu, 16 Feb 2006 07:29:57 +0000


On 16 Feb 2006, at 03:37, Alex Perez wrote:

Sheldon Gill wrote:
Stefan Urbanek wrote:
Hi,
I need a tool that will take some inputs and will generate one ormore TIFFS. I
am trying to create an image in a tool under MS Windows like this:

[snip]

The output is:

2006-02-13 15:10:14.000 test.exe[3512] Drawing path
The file 'c' is writable by someone other than its owner.
Ignoring it.
There is code in base which enforces a particular security policy.
It seems the security policy on your system violates thoseexpectations.The specific issue is that your configuration file 'c' haspermissions on it that base doesn't like.My recommendation is removing the offending code: gnustep-baseNSPathUtilities.m ~line 660
If this causes problems *under windows*, shouldn't it be ifdefedout *under windows*?

In plain english, I think what Sheldon is saying is that the doesn'tthink the base library should check whether the config file it isreading in could have been hacked by someone else or not.If so, I strongly disagree with him on this ... if you read in aconfig file which tells you where programs are located, and someonehas hacked that to point to a trojan, you have a big security issue,so this sort of checking is essential. It is not sufficient to saythat developers should add other checks of their own devising (ofcourse that would be good) ... you have to try to minimise securityproblems at every point.So the 'correct' advice would have been to locate and protect thisconfig file such that only the owner could modify it, so that thecheck would not fail. Hacking the source as suggested would be alast resort IF Stefan want insecure code.

Of course it's never quite that simple ... you have filesystems whichby design cannot be made secure ... do we just say config files arenot supported on such filesystems? It's a reasonable answer, butdebatable.On windows you also have the problem that the security model is notthe same as the posix/unix one, and it's possible to have thingssecured by access control lists even though they appear insecure whenyou look at posix file modes ... it's a bug that the base librarydoes not check this (and I would love someone to contribute the codeto do so) ... but that's a reason to fix the bug, not a reason tomake the code less secure.

I'm not sure whether the NSFileManager -fileAttributesAtPath:traverseLink: method should, on windows, checkACLs and modify the filePosixPermisions it returns based on ACLrestrictions, or we should only do those checks for a few special cases.

[Prev in Thread]

Current Thread

[Next in Thread]

Creating NSImage in a tool, Stefan Urbanek, 2006/02/13
- Re: Creating NSImage in a tool, Chris B. Vetter, 2006/02/13
- Re: Creating NSImage in a tool, Sheldon Gill, 2006/02/13
  - Re: Creating NSImage in a tool, Alex Perez, 2006/02/15
    - Re: Creating NSImage in a tool, Sheldon Gill, 2006/02/16
    - Re: Creating NSImage in a tool, Richard Frith-Macdonald <=
    - Re: Creating NSImage in a tool, Sheldon Gill, 2006/02/16
    - Re: Creating NSImage in a tool, Richard Frith-Macdonald, 2006/02/16
    - Base enforcing permissions policy on Config file, Sheldon Gill, 2006/02/23
    - Re: Base enforcing permissions policy on Config file, Richard Frith-Macdonald, 2006/02/23
    - Re: Base enforcing permissions policy on Config file, Andrew Ruder, 2006/02/24
    - Re: Base enforcing permissions policy on Config file, Sheldon Gill, 2006/02/24

Prev by Date: Re: Creating NSImage in a tool
Next by Date: Re: NSStream update
Previous by thread: Re: Creating NSImage in a tool
Next by thread: Re: Creating NSImage in a tool
Index(es):
- Date
- Thread