artswrapper's new braces (Re: artswrapper defanged)

Kevin Puetz puetzk at iastate.edu
Thu Aug 8 04:49:08 BST 2002


Phalanx also pointed out that I only got the current thread. I think artsd 
loads all modules (and thus checks the taints) at startup, before any 
threads other than the main one exist, but I'll have to verify that and/or 
make it iterate the current threads and change them all.

Neil Stevens wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wednesday August 07, 2002 08:28, Kevin Puetz wrote:
>> arts will drop RT permissions entirely if an untrusted module is loaded,
>> *before* executing *any* code from this module.
> 
> Can you ifdef this with a configure option?  It could be useful for, say,
> developers who are writing a playobject, to have the option to have some
> things owned as his own user.

OK... You could also chown the .la file, and not the .so file (thus giving 
the module explicit blessing as I discussed when claiming this wasn't a 
bug). But I can see a configure option. Any great ideas on what to call 
it that's clear (other than --DoS-me-harder)? Or maybe even an env var 
(could be set by artswrapper --rt-all or some such) so you don't have to 
recompile.

>> One remaining issue is whether or not we should attempt to inform the
>> user when priority is dropped that this has occurred, and how to do so
>> (artsmessage? just something on stderr?). Any thoughts on this subject
>> are welcome.
> 
> Well, yes, please do.  It's a pretty important event, especially if you
> don't retake realtime afterward.  And artsmessage would be the thing to
> use, same as with any other arts message.

That was my opinion also. It's really not possible to retake realtime 
afterwards (other than restarting the arts server) because as long as we're 
assuming the module might have been malicious, it had full access to all 
our memory and we don't know what it did that might surface later. Once 
compromised, always compromised.

> I'm reminded of when the artsd restart code was restarting artsd without
> realtime.. very annoying.

Heh, I bugged Njaard about that too. Not sure why it's still not using 
kcminit, but at least it gets realtime right now.
 
> - --
> Neil Stevens - neil at qualityassistant.com
> "I always cheer up immensely if an attack is particularly wounding
> because I think, well, if they attack one personally, it means they
> have not a single political argument left." - Margaret Thatcher
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE9Ueg6f7mnligQOmERArJ3AJ4qe7x20UlkvpD1Fnx+AUuVjoEzRQCePSa2
> Bp10QHj5/E7mAxkIaEzUIi4=
> =WstA
> -----END PGP SIGNATURE-----
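
The open issue at the top of this message (only the current thread being demoted) can be closed by walking every thread of the process, as in this added example, which is not aRts code. It assumes Linux, that "realtime" means a POSIX realtime scheduling policy, and uses a hypothetical function name, drop_rt_all_threads.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Demote every thread of the calling process to SCHED_OTHER.
 * Returns the number of threads visited, or -1 if the thread list
 * cannot be read. *failed counts threads that could not be demoted.
 * Fail closed: on -1 or *failed != 0 the caller should refuse to load
 * the untrusted module. The caller must also ensure no new threads are
 * being created while this runs (hypothetical helper, not an aRts API). */
int drop_rt_all_threads(int *failed)
{
    struct sched_param sp = { .sched_priority = 0 };
    int visited = 0;
    *failed = 0;

    DIR *d = opendir("/proc/self/task");    /* one entry per thread id */
    if (!d)
        return -1;

    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long tid = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0' || tid <= 0)
            continue;                        /* skips "." and ".." */
        visited++;
        /* On Linux, sched_setscheduler() acts on a single thread id.
         * ESRCH means the thread exited after readdir(): nothing to demote. */
        if (sched_setscheduler((pid_t)tid, SCHED_OTHER, &sp) != 0 &&
            errno != ESRCH)
            (*failed)++;
    }
    closedir(d);
    return visited;
}

int main(void)
{
    int failed;
    int n = drop_rt_all_threads(&failed);
    printf("threads visited: %d, failed: %d, policy now: %d\n",
           n, failed, sched_getscheduler(0));
    return (n < 1 || failed) ? 1 : 0;
}
```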






More information about the kde-core-devel mailing list