[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New method to load user bundles
From: |
Jeff Teunissen |
Subject: |
Re: New method to load user bundles |
Date: |
Mon, 02 Jun 2003 12:28:37 -0400 |
Martin Brecher wrote:
[snip]
> Pascal Bourguignon wrote:
> |
> |
> | Yes, this is very important. A whole class of viruses and malware on
> | MacOS could run this way, merey being present in some resource files,
> | because the system would open them automatically and they would shadow
> | application resources.
> |
> | You cannot let code being automatically loaded and run like that!
> |
> | If we allow the user to configure such a GSAppKitUserBundles, that
> | means that he could download unconspiciously some malware doing the
> | same. Then a suid application should have the mean to protect itself
> | from such malware.
> |
>
> Personally, I don't see why this defaults value gets that much security
> related attention now.
This isn't security-related attention.
Everybody knows that if you load bundles, you are giving away the keys to
the castle -- that's why you don't load them in certain apps, and would
have to be a damn fool to do so.
This takes that decision away from authors. With GSAppKitUserBundles, you
have no choice. You have no way to "secure" any application from
modification, because the user can rewrite your application. No copy
protection, because it can be bypassed with bundles. It effectively
eliminates the possibility for closed-source GNUstep desktop software to
exist.
But hey, if you want that, go ahead. I thought some of you wanted more
support, though.
[snip]
--
| Jeff Teunissen -=- Pres., Dusk To Dawn Computing -=- deek @ d2dc.net
| GPG: 1024D/9840105A 7102 808A 7733 C2F3 097B 161B 9222 DAB8 9840 105A
| Core developer, The QuakeForge Project http://www.quakeforge.net/
| Specializing in Debian GNU/Linux http://www.d2dc.net/~deek/
- Re: New method to load user bundles,
Jeff Teunissen <=
- Re: New method to load user bundles, Tobias, 2003/06/02
- Re: New method to load user bundles, Jeff Teunissen, 2003/06/03
- Re: New method to load user bundles, Alexander Malmberg, 2003/06/03
- Re: New method to load user bundles, Chris Beaham, 2003/06/05
- Re: New method to load user bundles, Richard Frith-Macdonald, 2003/06/05
- Re: New method to load user bundles, Chris Beaham, 2003/06/05
- Re: New method to load user bundles, David Ayers, 2003/06/05
- Re: New method to load user bundles, Richard Frith-Macdonald, 2003/06/05
- Re: New method to load user bundles, David Ayers, 2003/06/05
Re: New method to load user bundles, Nicolas Roard, 2003/06/02