[Tech] Proposed solution to FCP security issues
toad
toad at amphibian.dyndns.org
Thu Nov 2 19:54:27 UTC 2006
How about the following:
1. Any FCP connection not from localhost is automatically set to
untrusted mode.
2. The user may set a flag indicating that all connections are
untrusted.
3. The user may create one or more username/password pairs for
authorized access. These are kept in a file readable only by the user
running the node:
username:password:keywords
"keywords" contains a list of keywords (config, read-disk, write-disk,
etc).
I have considered specific limitations on where in the local filesystem
files can be downloaded to / uploaded from. I'm not convinced that this
is Freenet's job; if you have untrusted local users (and maybe even if
you don't), you should run Freenet in a chroot. And if the attacker has
filesystem access, he can create symlinks etc. (which Java cannot deal
with). It is impossible for us to, for example, fork a subprocess which
then setuids to the user in question. So I say we shouldn't get into
that, since we can't do it well.
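The three rules above (non-localhost peers start untrusted, an operator flag that makes every peer untrusted, and a private credentials file of `username:password:keywords` lines) can be modelled as a small policy module. The following is an added illustration written for this post, not code from Freenet or the FCP implementation. Assumptions beyond the post: keywords are comma-separated, the keyword set is fixed to the three named in the post, a trusted localhost session gets all keywords, and the sample credentials are constructed.

```python
import hmac
import ipaddress
import os
import stat
from dataclasses import dataclass

# Keywords named in the post; "etc." means the real list is open-ended, so
# restricting to these three is an assumption of this example.
KNOWN_KEYWORDS = ("config", "read-disk", "write-disk")

# Constructed sample of the proposed credentials file (not a real node's file).
SAMPLE_FILE = """\
# username:password:keywords
alice:correct horse:config,read-disk,write-disk
bob:hunter2:read-disk
"""


@dataclass(frozen=True)
class Account:
    username: str
    password: str
    keywords: frozenset


def parse_credentials(text):
    """Parse 'username:password:keywords' lines into {username: Account}.

    Keywords are comma-separated (assumption). Blank lines and '#' comments
    are skipped; malformed lines, unknown keywords and duplicate usernames
    are rejected so a typo cannot silently widen or drop a grant.
    """
    accounts = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or not parts[0] or not parts[1]:
            raise ValueError(f"line {lineno}: expected username:password:keywords")
        username, password, kw = parts
        keywords = frozenset(k.strip() for k in kw.split(",") if k.strip())
        unknown = keywords - set(KNOWN_KEYWORDS)
        if unknown:
            raise ValueError(f"line {lineno}: unknown keywords {sorted(unknown)}")
        if username in accounts:
            raise ValueError(f"line {lineno}: duplicate username {username!r}")
        accounts[username] = Account(username, password, keywords)
    return accounts


def file_is_private(path):
    """True when the file is a regular file with no group/other permission bits,
    i.e. readable only by the user running the node, as the post requires."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and (mode & 0o077) == 0


def load_credentials(path):
    """Refuse to load a credentials file that other local users could read."""
    if not file_is_private(path):
        raise PermissionError(f"{path} must be readable only by the node user")
    with open(path, encoding="utf-8") as fh:
        return parse_credentials(fh.read())


def is_local_peer(peer_ip):
    return ipaddress.ip_address(peer_ip).is_loopback


def session_privileges(accounts, peer_ip, all_untrusted, username=None, password=None):
    """Return the set of keywords a connection is granted.

    Rules from the post: a non-localhost peer starts untrusted (empty set), as
    does every peer when the operator sets the all-untrusted flag. Presenting a
    valid username/password lifts the session to that account's keywords.
    """
    if username is not None:
        acct = accounts.get(username)
        # Always run the constant-time compare, against an empty string for an
        # unknown user, so response timing does not reveal which names exist.
        expected = acct.password if acct else ""
        ok = hmac.compare_digest(expected.encode(), (password or "").encode())
        return acct.keywords if (acct is not None and ok) else frozenset()
    if all_untrusted or not is_local_peer(peer_ip):
        return frozenset()
    # Trusted localhost session: full access (assumption, the post only says
    # remote connections are automatically untrusted).
    return frozenset(KNOWN_KEYWORDS)


def authorize(privileges, action):
    """Gate a request (e.g. a disk write) on the session's granted keywords."""
    return action in privileges
```

The parser rejects unknown keywords rather than ignoring them, so a misspelt `wrtie-disk` fails at load time instead of silently denying the user; `load_credentials` enforces the "readable only by the node user" requirement before reading anything, which is the check a reviewer of this proposal would want to see made explicit.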