On Tue, 17 May 2005, Manuel Amador wrote: > > El jue, 12-05-2005 a las 14:11 -0400, John (J5) Palmieri escribiÃ: > > > > > A tool like this should not be a trusted component of the system. We > > have a very small amount of utilities that are trusted enough to enforce > > their own permissions (mount for instance). Having a search tool be a > > trusted component of the system is wrong. Let's not trade security for > > resource conservation. > > The indexer is the trusted component, and thus it is written in a > managed language to minimize the chance for exploits (that's why a tooll > like Medusa could never ever be trusted). The search component is not. > I have been planning to drop root creds as soon as a search is received, > but haven't found a way to do so cleanly, and moreover the project is on > the back burner due to my job =(.
The search tool still has access to the complete index right? So it can give you information about other users' files too. If not, it means that you create a shared index and one per-user index, then you can easily do the same thing without ever needing root. --behdad http://behdad.org/ _______________________________________________ gnome-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-devel-list
