• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Authorization.h
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authorization.h

  • Subject: Re: Authorization.h
  • From: Gregory Block <email@hidden>
  • Date: Thu, 08 Nov 2001 05:09:10 +0000
The Contact GSV 'Not Bloody Likely' recently intercepted a transmission from
John C. Randolph <email@hidden>, originally written on 6/11/01 11:15:
> Considering that authentication is involved here, I recommend STRONGLY
> against using the file system to communicate between the processes.
> It's far too easy for a malicious program to watch /tmp/.

Indeed - I think that the single most dangerous security flaw in the
NIAuthentication methods isn't in the method itself, it's in the myriad of
ways people are choosing to communicate between the root-empowered side and
the wild and wooly userland.

I hope people keep security in mind when they're doing these things.

--
E-Mail: email@hidden (or email@hidden)
IRC Nick: MrsNesbit or Lightyear (or rLightyea)
LiveJournal: http://www.livejournal.com/users/lightyear/

References: 
 >Re: Authorization.h (From: "John C. Randolph" <email@hidden>)

  • Prev by Date: Re: dataWithContentsOfURL
  • Next by Date: Re: growing an NSView?
  • Previous by thread: Re: Authorization.h
  • Next by thread: Re: Authorization.h
  • Index(es):
    • Date
    • Thread