[m-dev.] Libraries Idea

Peter Schachte schachte at cs.mu.OZ.AU
Wed Sep 22 14:44:14 AEST 1999


> > Hmmm.  Ok, how about a setgid program?  There'd be a
> 
> I don't see that this solves any of the problems.  If it's only setgid, then 
> the processes are still owned by the user invoking them, as will be the 
> files, and so the user can still do anything they like with the files once 
> they exist (you cannot deny the owner of the file write access to it, 
> because they are [essentially] free to change the permissions on it any time 
> they like).  Even if that could be arranged, setgid suffers from most of the 
> problems of setuid, in that preventing the malicious setting of environment 
> variables, avoiding race conditions, etc., etc. are still required.  And for 
> something as complicated as a Mercury build, that kind of thing scares me, 
> unless some very simple insulating wrapper can be devised which somehow 
> avoids them all in one go.

Hrumph.

Isn't there some way to do this under unix?  All it needs is a way to
have files that can be read by anybody but can only be written by one
program.  It seems like a simple enough request, someone must have
solved this before.

I think each of the problems Warwick mentions can be avoided with a
setuid program (I'm back to setuid because of the file ownership
problem).  Race conditions can be avoided by having a single process
coordinate the building and accept requests for more objects to build.
The environment problem could be solved by insulating the builder
process's environment from the mmc or mmake instance that launched it
(except certain mercury-related environment variables may need to be
passed to it separately).

What worries me is the "etc."  What other problems are there I haven't
thought of and Warwick hasn't mentioned?  As I said -- and illustrated
-- I'm no security expert.

-- 
Peter Schachte                     What we are looking at is good and evil,
mailto:schachte at cs.mu.OZ.AU        right and wrong. A new world order!
http://www.cs.mu.oz.au/~schachte/      -- George Bush 
PGP: finger schachte at 128.250.37.3  
--------------------------------------------------------------------------
mercury-developers mailing list
Post messages to:       mercury-developers at cs.mu.oz.au
Administrative Queries: owner-mercury-developers at cs.mu.oz.au
Subscriptions:          mercury-developers-request at cs.mu.oz.au
--------------------------------------------------------------------------
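The environment-insulation step proposed above (a setuid helper that throws away the caller's environment and forwards only the Mercury-related variables it needs) is the one hazard on Warwick's list that has a fairly mechanical fix. The following is an added example, not code from the Mercury project or from either poster: an allowlist-based environment rebuild of the kind such a helper would run before exec'ing the real builder. The MERCURY_ prefix, the fixed PATH and IFS values, the capacity limit and the sample caller environment are all assumptions for illustration. Note that this addresses only the environment problem; it does nothing about the race conditions or the file-ownership issue also raised in the thread.

```c
/* Added example (not Mercury project code): rebuild the environment for a
 * setuid build helper from an allowlist instead of inheriting the caller's.
 * The MERCURY_ prefix, fixed values and limits below are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ENV 64

/* Values that are always set by the helper and never taken from the caller,
 * so the caller cannot redirect program lookup or word splitting. */
static const char *const fixed_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* Returns 1 if the entry's name (the part before '=') is one the helper is
 * willing to inherit.  Only MERCURY_* names made of [A-Z0-9_] pass; anything
 * the dynamic loader or a shell honours (LD_*, IFS, PATH, ...) is simply not
 * on the list, so it never needs to be enumerated as a denylist. */
static int allowed_name(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)                       /* malformed entry: drop it */
        return 0;
    size_t len = (size_t)(eq - entry);
    if (len <= 8 || strncmp(entry, "MERCURY_", 8) != 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = entry[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '_'))
            return 0;
    }
    return 1;
}

/* Fill `out` (capacity `cap`, including the NULL terminator) with the fixed
 * entries followed by the allowlisted entries of `caller_env`.  Returns the
 * number of entries written, or -1 if they do not fit.  Strings are shared,
 * not copied, so `caller_env` must outlive `out`. */
int build_clean_env(char *const caller_env[], const char *out[], size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; fixed_env[i] != NULL; i++) {
        if (n + 1 >= cap) return -1;
        out[n++] = fixed_env[i];
    }
    for (size_t i = 0; caller_env[i] != NULL; i++) {
        if (!allowed_name(caller_env[i])) continue;
        if (n + 1 >= cap) return -1;
        out[n++] = caller_env[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Constructed sample of what a hostile caller might hand a setuid helper. */
static char *const sample_env[] = {
    "LD_PRELOAD=/tmp/evil.so",     /* loader variable: dropped */
    "MERCURY_OPTIONS=--trace",     /* MERCURY_ name: forwarded */
    "MERCURYX=1",                  /* wrong prefix: dropped */
    "PATH=/tmp:/usr/bin",          /* replaced by the fixed PATH */
    "MERCURY_BAD NAME=x",          /* illegal character in name: dropped */
    NULL
};

static const char *sample_clean[MAX_ENV];

/* Sanitise the constructed sample; returns the resulting entry count (3). */
int sample_count(void)
{
    return build_clean_env(sample_env, sample_clean, MAX_ENV);
}

/* 1 if entry i of the sanitised sample equals `expect`, else 0. */
int sample_entry_is(size_t i, const char *expect)
{
    int n = sample_count();
    if (n < 0 || i >= (size_t)n) return 0;
    return strcmp(sample_clean[i], expect) == 0;
}

int main(void)
{
    int n = sample_count();
    for (int i = 0; i < n; i++)
        printf("%s\n", sample_clean[i]);
    /* A real helper would now drop privileges as appropriate and call
     * execve() on the builder with (char *const *)sample_clean as envp. */
    return n < 0;
}
```

The point of the allowlist shape is that the helper never has to know which variables are dangerous; everything it does not explicitly expect is gone, and the few MERCURY_* values it does pass through are name-checked so nothing with odd characters reaches the builder.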