Re: Ownership and permissions for applications: security issues?
Re: Ownership and permissions for applications: security issues?
- Subject: Re: Ownership and permissions for applications: security issues?
- From: James Bucanek <email@hidden>
- Date: Thu, 13 Sep 2007 08:07:56 -0700
Stefan Haller <mailto:email@hidden> wrote (Thursday,
September 13, 2007 12:47 AM +0200):
I wonder if having permissions of 7xx isn't a huge security issue
No. If a file is owned by the current user, there's nothing
stopping that process from changing the permissions of the file
and writing it. Or writing a new file. Or -- I don't know --
just execute its nefarious code in whatever process would be
doing these other nefarious things.
BSD security is not a lock that prevents code from being
modified by malicious agents -- that's impossible to determine.
BSD security is based on the principle that it doesn't matter
where the code came from or how it got executed; If it's running
with the permissions of the current owner, it can't cause any
damage outside that domain. The hypothetical trojan code that
would be injected into your application can't do any more damage
than a standalone application, or an input manager plug-in, or
any of the scores of other methods that could cause code to execute.
Making your application bundle read-only just makes it less
flexible and difficult to work with. It does nothing to enhance
its security.
James Bucanek
____________________________________________________________________
Author of Beginning Xcode ISBN: 047175479X
<http://www.beginningxcode.com/>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden