On Tue, Jul 25, 2006 at 03:09:56PM -0300, Avi Alkalay wrote:
> We discussed before how to define a default backend, the use of environment
> etc, and we found that an envvar is not secure enough. The other option was

Indeed it isn't right for setuid root apps.

> Do you have a better idea on how to define a default backend ?

A possibility would be to use a very simple config file which only holds the name of the default backend.

However I have another idea, that may allow the use of the link for the default backend that works with proper namespacing, and also could add some security to elektra by limiting the locations where backends are searched for. The idea is to use only backends located in the backend directories, namely /lib/elektra and /usr/lib/elektra, but resolve symlinks.

To achieve that, instead of giving to lt_dlopen the relative backend filename, give it an absolute filename, prefixed with /lib/elektra or /usr/lib/elektra, and with symlinks resolved. (of course replace /lib/elektra and /usr/lib/elektra by $(backenddir) and $(hlvlbackenddir) in the general case).

What do you think about that idea? It seems to me that not searching in /lib and /usr/lib... adds some security.

--
Pat
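
A sketch of the lookup proposed in the message above, added here as an example; it is not code from the original post or from Elektra. The names resolve_backend, under_backend_dir and demo_resolve are hypothetical, the directory list stands in for $(backenddir) and $(hlvlbackenddir), and the lt_dlopen() call itself is left out.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if canonical `path` lies under one of the NULL-terminated `dirs`. */
static int under_backend_dir(const char *const *dirs, const char *path)
{
    char base[PATH_MAX];
    for (; *dirs; dirs++) {
        size_t n = realpath(*dirs, base) ? strlen(base) : 0;
        if (n && !strncmp(path, base, n) && path[n] == '/') return 1;
    }
    return 0;
}

/* Resolve `name` in `dirs` (stand-ins for $(backenddir), $(hlvlbackenddir)); on
 * success `out` (PATH_MAX bytes) is the symlink-free path for lt_dlopen(). */
int resolve_backend(const char *const *dirs, const char *name, char *out)
{
    char cand[PATH_MAX];
    if (!name || !*name || strchr(name, '/')) return -1;
    for (const char *const *d = dirs; *d; d++) {
        int len = snprintf(cand, sizeof cand, "%s/%s", *d, name);
        if (len < 0 || len >= (int)sizeof cand || !realpath(cand, out)) continue;
        /* Accept a link target only if it is itself in a backend directory. */
        return under_backend_dir(dirs, out) ? 0 : -1;
    }
    return -1;
}

/* Constructed fixture: temp dir with a file, "default" -> it, "stray" -> "/". */
static char demo_dir[PATH_MAX], demo_out[PATH_MAX];
int demo_resolve(const char *name)
{
    const char *const dirs[] = { demo_dir, NULL };
    char tmpl[] = "/tmp/elektra-demo-XXXXXX";
    FILE *f;
    if (!*demo_dir) {                        /* build the fixture once */
        if (!mkdtemp(tmpl) || chdir(tmpl) || !(f = fopen("libelektra-filesys.so", "w")))
            return -2;
        fclose(f);
        if (symlink("libelektra-filesys.so", "default") || symlink("/", "stray")) return -2;
        strcpy(demo_dir, tmpl);
    }
    return resolve_backend(dirs, name, demo_out);
}
```

The check and the later open are separate steps, so the result only holds if the backend directories are writable by root alone.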
