[openbeos] Re: OBOS Security

  • From: "Michael Phipps" <mphipps1@xxxxxxxxxxxxxxxx>
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Wed, 07 Aug 2002 21:48:41 -0400

>On Wed, 7 Aug 2002, Brian Matzon wrote:
>
>> FYI:
>> http://security.tombom.co.uk/shatter.html
>> 
>> Rather interesting flaw, which makes it possible to send any message to
>> any window, and then exploiting it.
>> 
>> Much like Hey, and Scripting ;)
>> 
>> I am intentionally sending this to the OBOS list instead of GE, since
>> this could be something we'd like to change for R1.
>
>This doesn't really make any sense for R1. The logged in user is always
>root, so there is actually no need for any hacker to elevate their
>privileges.
>
>For real multi-user, there are a couple of security issues to deal with,
>and ports (on which messaging is based) are one of them. One could for
>instance restrict sending data to/reading them from ports to teams with
>sufficient rights. This will require some further thoughts about daemons
>like the app_server or the registrar, which (at least the former) will
>need root privileges, but will also need to communicate with user apps.

And even more. How about this little piece of code:
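area_id foo = find_area("stacks of super_secret_app");
char *minePointer;
// Map the other team's area read-only into our own address space.
area_id myFoo = clone_area("mine", (void **)&minePointer, B_ANY_ADDRESS, B_READ_AREA, foo);

area_info info;
get_area_info(myFoo, &info);
// Hex-dump every byte of the cloned area.
for (size_t t = 0; t < info.size; t++)
        printf("%02x", (unsigned char)minePointer[t]);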

That is far more of a security risk than most anything else...

>However, unless I misinterpret Michael's answer to a multi-user related
>question in the IRC Q&A session, *real* multi-user isn't a goal for OBOS
>anyway (though I personally think that's a pity).

Real multi-user just does not make sense in a world where you can get a 
super fast box for a few hundred dollars. It made sense in 1975. But not in
2005. Certainly, people share PCs. But people will, IMHO, rarely use one
PC to log into another that someone else is using. That is the functionality 
that I don't think we need.

