Re: which temp dir to use?
Re: which temp dir to use?
- Subject: Re: which temp dir to use?
- From: Kyle Sluder <email@hidden>
- Date: Mon, 25 May 2009 15:18:04 -0700
On Mon, May 25, 2009 at 3:08 PM, Michael Ash <email@hidden> wrote:
> Not at all. It doesn't change my point one whit. If A can command the
> privileged process to do something nasty, then C can do it too.
> (Possibly by breaking into A by one of the many mechanisms available
> and forcing it to make an evil request, possibly by imitating what A
> does.)
Isn't that exactly what we're talking about? C impersonating A by
swapping its own evil data into the channel A is using? It's a man in
the middle attack. To defend against it, you need to authenticate the
client *and* secure the channel. The authentication part was never
mentioned because it's not pertinent to the flaw we're discussing,
which is a function of using the filesystem to shuttle data around.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden