[fedora-ja-list] [Bug 125331] htt_server needs the privileges to support the multiple users
bugzilla @ redhat.com
bugzilla @ redhat.com
2004年 6月 14日 (月) 05:32:08 UTC
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125331
------- Additional Comments From hiura @ openi18n.org 2004-06-14 01:32 -------
There are several approaches to maintain so-called "privacy of
user dictionary". Even if a LE saves user dictionary same uid,
such as, say, "user canna" which is not readable by others, and
canna maintains the user as "canna user" instead of "UNIX user",
so-called "privacy of user dictionary" is maintained. This is not
at all surprisingly insecure approach, such as subversion is using
with svn+ssh method, for example.
About vmseparator; No, it's not what you imagined. Even via
vmseparator, No LEs should access $HOME directly comseptually :-).
The approach of vmseparator allows htt_server to use "UNIX user" by
running a separated LE instance in "real UNIX user id" to store
such private data in real UNIX user id. To do so,
in very small code to authenticate and change uid once to the target
user id portion still has to run with root privilege, but such
code only executes single extremelyl small static functionality,
so it would be much secure than having entire server running in
root privilege.
About malicious users; Of cource I assume there could be malicious
users on the same machine, but if such malicious user to take over
controll of what the LE instance beyond vmseparator stored, they
have to break the extremly small single function code to authenticate
and change uid, or they have to already obtain the target user's
UNIX id upfront. In the latter case, they already obtained the
access to wherever the user can, including $HOME anyway :-).
So I really don't buy the argument that storing users dictionary
into $HOME BY ITSELF significantly improves so-called "privacy of
user dictionary" as someone claims in loud.
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Fedora-ja-list メーリングリストの案内