[fedora-ja-list] [Bug 125331] htt_server needs the privileges to support the multiple users
bugzilla @ redhat.com
bugzilla @ redhat.com
2004年 6月 13日 (日) 19:15:19 UTC
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125331
------- Additional Comments From hiura @ openi18n.org 2004-06-13 15:15 -------
Being paranoia for security is not a bad thing, and actually I am
too. There are bunch of common methods to improve security, so
many of them are implemented or in progress, but even before that,
we should accurately identify what's the root cause of the problem,
then design the solution for it, instead of jumping illogically
onto per-user library/server is the solution.
The cause of needing root previledge is not from IIIMF server
itself, but from some LEs(typically from the library linked by
it instead of the LE implementation itself). Some IM libraries
assume simple "getuid()" or such sort work always fine to get
user's identity. This assumtion forced to htt_server to run as
root, but the optimal solution is to fix such library. We have
vmseparator which could deal with such situation for some cases,
and also improve security and stability.
Note that any LEs directly accessing $HOME is NOT allowed (by
design :-). even though it is doable technically if server is
on local machine, but only client(and client libraries) should
have an access to $HOME.
So there is no need for IIIMF server/LEs to obtain root privilege
to access $HOME(by design :-).
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Fedora-ja-list メーリングリストの案内