What's interested me is how this thread has almost looped back to a recent thread on that steaming heap of brown stuff know as GTK and the attitude of the programmers behind it.

I had a similar problem a few years ago whiich I wanted to solve by putting the passwords in an external file and using file permissions to hide it from the bad guys. The file could be owned and only readable by root, or better some ordinary user. The preferred solution was to make it read/write a non-login user and read only to a group but no one else. Users had to be members of the group to read it. Better still was to make the program setgid to that group, allowing anyone who could run the program (and login into the database) to get access to the password controlled info without being able to actually read the password themselves.

However, GTK gets in the way of this because some bozo GTK developer thinks they should police use of setuid and setgid from GTK and will raise an exception if run from a setgid program. Google "gtk setgid" for examples. I can't see a security problem from setgid to a normal group - to me its a security mechanism, but you try telling that to the GTK team.

Read http://www.gtk.org/setuid.html for an example of some incredibly muddled thinking. They make the point here that GTK is (too) complex and difficult to analyse hence setuid (and setgid) is bad on the grounds that no one knows how it could be mis-used. They then recommend writing an setuid backend in such situations, without recognising that all they have done is to move a problem rather than solve it. I wanted my program to be setgid so that only it could access privileged information. If I write a setgid backend program now I have to find a way of authenticating my GTK frontend to my backend.... (Oh perhaps I should have an embedded password).

The point is that while it is reasonable for a developer to give guidance on what is good practice, actively stopping a user from using your code in a way that you do not approve is not just stupid and contemptuous of your users, it can actually get in the way of the right solution to a problem that you do not know about.

Assuming that this problem still exists in GTK2, it may get in the way of what otherwise could be a good way to solve the original problem in this thread.

Tony

On 13/07/16 08:31, Mark Morgan Lloyd wrote:
Michael Van Canneyt wrote:
On Tue, 12 Jul 2016, Mark Morgan Lloyd wrote:

Please excuse one of my regular silly questions. Elsewhere, a (former) Delphi programmer is uneasy having found that his binaries have had embedded SQL queries, passwords and so on visible "in clear" for the last 20 years or so.

Can FPC be told to obfuscate ResourceStrings?

No. The default value for resourcestrings is stored as-is in the binary.

To solve this, I store the username/password encrypted in the binary as consts, and they are decrypted when needed.

Sometimes it's difficult to avoid having to do that sort of thing, or obfuscating them in an external file.


_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Reply via email to