Re: Security in GNOME




Havoc Pennington writes:
>It did used to be otherwise, unfortunately.

OK, so I'm not as senile as I thought.  :-)

>However James has a sensible
>point about other possible holes... which probably apply to the PAM stuff
>as well.

PAM itself is clean in this regard, and the setuid helper has been
thoroughly vetted by several reviewers.  I think we're OK with it.

>We may need to think about how to avoid the problem; maybe with a
>custom entry widget.

No, that doesn't help -- you need to do the data sanitization in the
setuid part; if you don't sanitize all data in the setuid part, then
you are right back at ground zero in terms of security.

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz
 Linux Application Development     http://people.redhat.com/johnsonm/lad/
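
The point made in the message above, that validation has to happen inside the setuid helper no matter what the entry widget already filtered, shown as an added example; it is not part of the original post and is not GNOME or PAM code. The function name, the 32-byte limit and the allow-list are assumptions chosen for illustration.

```c
/* Added example: validation performed inside the privileged helper.
 * helper_accept_username, MAX_USER_LEN and the allow-list are hypothetical. */
#include <stddef.h>
#include <string.h>

#define MAX_USER_LEN 32  /* assumed limit */

/* Validate a user name received from the unprivileged front end.
 * raw/raw_len: bytes exactly as read from the pipe (length-delimited, so an
 * embedded NUL cannot hide trailing data).
 * Returns 0 and writes a NUL-terminated copy to out, or -1 with out emptied. */
int helper_accept_username(const unsigned char *raw, size_t raw_len,
                           char *out, size_t out_cap)
{
    size_t i;

    if (raw == NULL || out == NULL || out_cap == 0)
        return -1;
    out[0] = '\0';
    if (raw_len == 0 || raw_len > MAX_USER_LEN || raw_len >= out_cap)
        return -1;
    /* First byte must be a lowercase letter, so the value can never be
     * read as an option ("-x") or a relative path by later code. */
    if (raw[0] < 'a' || raw[0] > 'z')
        return -1;
    for (i = 0; i < raw_len; i++) {
        unsigned char c = raw[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
                 c == '_' || c == '-';
        if (!ok)   /* rejects NUL, newline, '/', ':' and bytes >= 0x80 */
            return -1;
    }
    memcpy(out, raw, raw_len);
    out[raw_len] = '\0';
    return 0;
}

int main(void)
{
    char name[MAX_USER_LEN + 1];
    /* Constructed inputs: the helper cannot know which process wrote them. */
    static const unsigned char good[] = "alice";
    static const unsigned char bad[]  = "alice\nroot";
    int r1 = helper_accept_username(good, 5, name, sizeof name);
    int r2 = helper_accept_username(bad, 10, name, sizeof name);
    return (r1 == 0 && r2 == -1) ? 0 : 1;
}
```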


