[Easyb2k-devel] Security problem
Status: Pre-Alpha
Brought to you by:
wyrm
Menu
▾
▴
[Easyb2k-devel] Security problem
|
From: Marcos <ma...@un...> - 2007-10-31 18:00:59
|
Hi! I have BAD BAD news. I found a huge security problem in our model. If we include the glue in the daemon, the glue will be SUID, just as the deamon must be, since it can send direct command to USB devices. So the glue must be a complitelly different process than the daemon, even written by the user. What do you guys think ? Ohhh, what if we call our program TuxMate ? Marcos --- Daniel Ribeiro <dr...@gm...> schrieb: > 2007/10/31, Marcos Diez <ma...@un...>: > > Does that allow the glue to have a GUI ? > Yes, but i dont think that this is a good idea, as it may add latency > and instability issues to the core daemon. > > > How will the linking part work ? ( I mean, if a dynamic load a library, > > does qt/gtk/libGUI gets loaded automatically ? > Yes, you can load/unload any dynamic lib and it will load other needed > dynamic libs linked to the plugin. > > I believe that the GUI should be a different software, and connect to > our daemon using our standard d-bus transport (as other VoIP > applications would). > > -- > Daniel Ribeiro > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Easyb2k-devel mailing list > Eas...@li... > https://lists.sourceforge.net/lists/listinfo/easyb2k-devel > |
