[fedora-ja-list] [Bug 125331] htt_server needs the privileges to support the multiple users

[bugzilla ＠ redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125331





------- Additional Comments From hiura ＠ openi18n.org  2004-06-13 15:15 -------
Being paranoia for security is not a bad thing, and actually I am
too. There are bunch of common methods to improve security, so 
many of them are implemented or in progress, but even before that, 
we should accurately identify what's the root cause of the problem,
then design the solution for it, instead of jumping illogically 
onto per-user library/server is the solution. 
The cause of needing root previledge is not from IIIMF server
itself, but from some LEs(typically from the library linked by 
it instead of the LE implementation itself). Some IM libraries
assume simple "getuid()" or such sort work always fine to get 
user's identity. This assumtion forced to htt_server to run as 
root, but the optimal solution is to fix such library. We have
vmseparator which could deal with such situation for some cases, 
and also improve security and stability.
Note that any LEs directly accessing $HOME is NOT allowed (by
design :-). even though it is doable technically if server is 
on local machine, but only client(and client libraries) should 
have an access to $HOME.
So there is no need for IIIMF server/LEs to obtain root privilege
to access $HOME(by design :-).







------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.