[fedora-ja-list] [Bug 125331] htt_server needs the privileges to support the multiple users

[bugzilla ＠ redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125331





------- Additional Comments From hiura ＠ openi18n.org  2004-06-14 01:32 -------
There are several approaches to maintain so-called "privacy of
user dictionary". Even if a LE saves user dictionary same uid,
such as, say, "user canna" which is not readable by others, and
canna maintains the user as "canna user" instead of "UNIX user",
so-called "privacy of user dictionary" is maintained. This is not
at all surprisingly insecure approach, such as subversion is using
with svn+ssh method, for example.
About vmseparator; No, it's not what you imagined. Even via 
vmseparator, No LEs should access $HOME directly comseptually :-).
The approach of vmseparator allows htt_server to use "UNIX user" by
running a separated LE instance in "real UNIX user id" to store 
such private data in real UNIX user id. To do so, 
in very small code to authenticate and change uid once to the target 
user id portion still has to run with root privilege, but such 
code only executes single extremelyl small static functionality,
so it would be much secure than having entire server running in
root privilege.
About malicious users; Of cource I assume there could be malicious 
users on the same machine, but if such malicious user to take over 
controll of what the LE instance beyond vmseparator stored, they
have to break the extremly small single function code to authenticate
and change uid, or they have to already obtain the target user's 
UNIX id upfront. In the latter case, they already obtained the 
access to wherever the user can, including $HOME anyway :-).
So I really don't buy the argument that storing users dictionary 
into $HOME BY ITSELF significantly improves so-called "privacy of 
user dictionary" as someone claims in loud. 



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.