On Tue, Jun 9, 2009 at 5:07 AM, Bruno Haible <br...@clisp.org> wrote:
> Sam Steingold wrote:
>>
>> down with the nannies!
>> let us assume that I threw in the anti-totalitarian-programming
>> diatribe here. :-)
>
> I call it collaborative programming: I program something, and users report
> bugs, until the code gets better. :-)

this has nothing to do with collaboration and everything to do with forcing
inappropriate behavior on the users of your code.

>> you could easily make it suitable for libraries too by returning an
>> exit code
>
> The point is not the return code. It's about the amount of things that
> you have to check in order to be sure that you are not distributing a
> security vulnerability.
>
> For the idpriv-drop module the doc says (thanks James!):
>
>   Note: There may still be security issues if the privileged task puts
>   sensitive data into the process memory or opens communication channels
>   to restricted facilities.
>
> For the idpriv-droptemp module it's even worse:
>
>   there are additionally the dangers that
>   - Any bug in the non-privileged part of the program may be used to
>     create invalid data structures that will trigger security
>     vulnerabilities in the privileged part of the program.
>   - Code execution exploits in the non-privileged part of the program may
>     be used to invoke the function that restores high privileges and then
>     execute additional arbitrary code.
>
> In the situation of a library you cannot foresee, not even check, the
> possible interactions of the sensitive data structures and the code outside -
> because by definition, the code outside is not limited to your source
> repository.
>
> That's why these two modules make sense only in executables, and the second
> one only in *small* executables which you completely overlook.

blah-blah-blah.
so, you are _intentionally_ making your code useless to me because you
_think_ it is not appropriate for me to use it.
the net result is that I will be using a worse piece of code instead of
your good code, and my users will be _less_ secure as a result of your
grandstanding.

-- 
Sam Steingold <http://sds.podval.org>
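Added illustration (not code from this thread and not gnulib's idpriv-drop or idpriv-droptemp modules): the two patterns the quoted documentation contrasts, a temporary drop that keeps the saved ids so a restore function can undo it, and a permanent drop that is only reported as successful after the code verifies that the old effective ids cannot be regained. The function names and the static variables holding the original effective ids are this example's own choices. The permanent drop makes the "things you have to check" point concrete: if the process only had an unprivileged effective id, setuid() on Linux may leave the saved id untouched, and the check catches that by observing that seteuid() back to the old id still succeeds.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Effective ids seen at the first drop, remembered so that a temporary drop
   can be undone. Hypothetical helpers written for this note, not gnulib's. */
static uid_t saved_euid;
static gid_t saved_egid;
static int   saved_ids_known;

static void remember_ids(void)
{
    if (!saved_ids_known) {
        saved_euid = geteuid();
        saved_egid = getegid();
        saved_ids_known = 1;
    }
}

/* Temporary drop: effective ids become the real ids; the saved ids are left
   alone, so restore_privileges() can bring the old effective ids back. */
int drop_privileges_temporarily(void)
{
    remember_ids();
    if (setegid(getgid()) != 0) return -1;  /* group first, while the uid still allows it */
    if (seteuid(getuid()) != 0) return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Undo a temporary drop. This is the function the droptemp warning is about:
   whatever can reach it regains the old effective ids. */
int restore_privileges(void)
{
    if (!saved_ids_known) return -1;
    if (seteuid(saved_euid) != 0) return -1;  /* uid first, to regain the right to set the gid */
    if (setegid(saved_egid) != 0) return -1;
    return (geteuid() == saved_euid && getegid() == saved_egid) ? 0 : -1;
}

/* Permanent drop: real, effective and saved ids all become the real ids.
   Returns 0 only when the drop is verified to be complete and irreversible,
   -1 when a call failed or the effective ids did not change, and -2 when the
   ids changed but the old effective id can still be regained. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();
    remember_ids();

    if (setgid(rgid) != 0) return -1;
    if (setuid(ruid) != 0) return -1;

    /* Check 1: the effective ids really changed. */
    if (geteuid() != ruid || getegid() != rgid) return -1;

    /* Check 2: the old effective ids cannot be regained. A process without a
       privileged euid may find that setuid() left the saved id in place; a
       successful seteuid() here proves the drop was not permanent. */
    if (old_euid != ruid && seteuid(old_euid) == 0) return -2;
    if (old_egid != rgid && setegid(old_egid) == 0) return -2;
    return 0;
}

int main(void)
{
    printf("temporary drop: %d\n", drop_privileges_temporarily());
    printf("restore:        %d\n", restore_privileges());
    printf("permanent drop: %d\n", drop_privileges_permanently());
    return 0;
}
```

Run as an ordinary user the ids never differ, so all three calls return 0 and the program only exercises the checks; the -2 path is what a set-uid executable would hit if its drop were incomplete, which is exactly the case a library cannot reason about for its callers.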