Re: Security in GNOME

From: "Michael K. Johnson" <johnsonm redhat com>
To: gnome-list gnome org
Subject: Re: Security in GNOME
Date: Thu, 12 Aug 1999 14:33:36 -0400

Havoc Pennington writes:
>It did used to be otherwise, unfortunately.

OK, so I'm not as senile as I thought.  :-)

>However James has a sensible
>point about other possible holes... which probably apply to the PAM stuff
>as well.

PAM itself is clean in this regard, and the setuid helper has been
thoroughly vetted by several reviewers.  I think we're OK with it.

>We may need to think about how to avoid the problem; maybe with a
>custom entry widget.

No, that doesn't help -- you need to do the data sanitization in the
setuid part; if you don't sanitize all data in the setuid part, then
you are right back at ground zero in terms of security.

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz
 Linux Application Development     http://people.redhat.com/johnsonm/lad/

Follow-Ups:
- Re: Security in GNOME
  - From: James Henstridge

References:
- Re: Security in GNOME
  - From: Havoc Pennington

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]