[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] Security again

To: Jörg Westheide <Joerg_Westheide@su.maus.de>
Subject: Re: [MiNT] Security again
From: "Konrad M. Kokoszkiewicz" <draco@obta.uw.edu.pl>
Date: Mon, 15 Nov 1999 15:49:42 +0100 (CET)
Cc: mint@gfanrend.fishpool.fi
In-reply-to: <199911102017.a13529@su.maus.de>
Sender: owner-mint@gfanrend.fishpool.fi

Hi Joerg,

(sorry for not using umlauts, but I am unable to make them with this
keyboard)

> KMK>what TSRs are still in use in MiNT systems
> On my machine:
> 
> BoxKite
> NVDI
> Calvino

This is off topic, but what is Calvino? :-)

> WDialog

Hm...

> KMK>- other programs have own copies of cookie jar, which can be
> KMK>read/written freely, despite the fact that writing of course has no
> KMK>effect
> Then writing to the jar is of no use.

Of course. The point of the proposal was to fix the security hole (or: to
make it fixable, which is not quite the same) with keeping the
compatibility with old application software (which could search things in
the CJar) and system software like AES (F_OS_SPECIAL, which could write to
global cookie jar inherited by apps in form of copies), but of course, not
keeping the original CJar functionality (like *everyone* can write stuff
to it and it means anything).

> The important thing of the jar is that it is an interface to provide
> informations to other programs.

Uhm, yes. My proposal does not quite break this function of the cookie jar
(unless you load a TSR from the desktop, but well, this problem is also
solveable, by making an update of the global cookie jar with the contents
of private jar attributed to the TSR, when this one calls Ptermres()).

> KMK>- and the TSR programs are in readable or super mem
> There are TSRs which provide code to other programs via the cookie interface.
> This code could modify TSR local variables in user mode.

Yes, that is a real problem.

> KMK>In other words, does this proposal make any sense.
> IMO: no

Well, I am still not convinced ... :)

Gtx,

--
Konrad M.Kokoszkiewicz
|mail: draco@atari.org                  |  Atari Falcon030 user   |
|http://www.obta.uw.edu.pl/~draco/      | Moderator gregis LATINE |
|http://draco.atari.org                 |       (loquentium)      |

** Ea natura multitudinis est,
** aut servit humiliter, aut superbe dominatur (Liv. XXIV,25)
*************************************************************
** U pospolstwa normalne jest, ze albo sluzy ono unizenie,
** albo bezczelnie sie panoszy.

Follow-Ups:
- [MiNT] Security again
  - From: Joerg_Westheide@su.maus.de (Jörg Westheide)

References:
- [MiNT] Security again
  - From: Joerg_Westheide@su.maus.de (Jörg Westheide)

Prev by Date: Re: [MiNT] Security again
Next by Date: RE: [MiNT] Was: /proc, will be: /sys
Previous by thread: [MiNT] Security again
Next by thread: [MiNT] Security again
Index(es):
- Date
- Thread