[haiku-development] Re: Testers needed for updated notification_server
- From: Axel Dörfler <axeld@xxxxxxxxxxxxxxxx>
- To: haiku-development@xxxxxxxxxxxxx
- Date: Tue, 31 Jan 2017 08:57:33 +0100
Am 31/01/2017 um 08:41 schrieb Humdinger (Redacted sender humdingerb for
DMARC):
But as Axel pointed out, it's behaving as planned.
For security reasons? Launching by signature would start any old app
with that sig. OTOH, if you can make the users blacklist the server,
you can get them execute your trojan directly too...
It's not for security reasons; but if you explicitly specify a path for
the executable, you have any right to assume that it will use that :-)
Since the system knows exactly where to find its executables, it's
cheaper to launch them by path than to launch them by query -- the
latter just doesn't make much sense in this use case.
However, as I said, you can always overwrite existing services in your
settings files easily if you want to replace a system server.
Bye,
Axel.
Other related posts: