[Dev] Security of a Chandler installation
Heikki Toivonen
heikki at osafoundation.org
Tue Aug 30 15:12:27 PDT 2005
It is conceivable that someone might want to install a read-only
installation of the Chandler executable and deny users the ability to
run with extensions.
Right now this is not possible without changing the code.
I know of at least the following ways you can tamper with a Chandler
instance about to start:
* command line argument --parcelPath (or -p)
* command line argument --profileDir (or -P)
* command line argument --restore (or -r)
* command line argument --scriptFile (or -f)
* environment variable PARCELPATH
and to some extent
* --locale (or -l)
* --create (or -c)
* --createData (or -C)
Also, if users have any access to the profile directory outside of
Chandler, they could manually change their repository. Potentially the
only way around this would be to run with --ramdb (or -d).
Finally, since Chandler can be started with an internal webserver, this
opens another road into Chandler. I don't think we have looked at this
from a security perspective yet. So add --webserver (or -W) to the
potentially insecure startup options.
--
Heikki Toivonen
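As an added illustration of the kind of startup policy the message is asking for (this is editor-supplied example code, not part of the Chandler project or of Heikki's post), the wrapper below launches Chandler with the options and environment variable named above refused, and forces --ramdb so the running instance never reads or writes the on-disk repository. The executable path /opt/chandler/chandler and the decision to treat every listed flag, including the "to some extent" ones, as denied are this example's own assumptions. It only helps where users cannot run the Chandler executable directly; the message's point that a true read-only install needs a code change still stands.

```python
"""Constructed example: a launcher that refuses the Chandler startup options
the mailing-list message lists as tamper vectors, strips PARCELPATH from the
environment, and forces --ramdb. The flag names come from the message; the
executable path and the deny policy are this example's own assumptions."""
import os
import sys

# Long and short options the message names as ways to tamper with a Chandler
# instance at startup ("and to some extent" ones included, conservatively).
DENIED_LONG = {
    "--parcelPath", "--profileDir", "--restore", "--scriptFile",
    "--locale", "--create", "--createData", "--webserver",
}
DENIED_SHORT = {"-p", "-P", "-r", "-f", "-l", "-c", "-C", "-W"}
DENIED_ENV = {"PARCELPATH"}

# Hypothetical install location; a real deployment points at its own
# read-only Chandler executable.
CHANDLER_EXE = "/opt/chandler/chandler"


class TamperedStartup(ValueError):
    """Raised when the caller supplies a denied startup option."""


def sanitize_argv(argv):
    """Return a copy of argv if it contains no denied option, else raise.

    Accepts '--long', '--long=value' and single-letter '-x' tokens; '--' ends
    option parsing and everything after it is passed through as positional.
    Clustered or value-glued short options ('-dW', '-p/tmp/x') are rejected
    outright, since deciding which letter is a flag and which is a value
    would require re-implementing Chandler's own option parser."""
    for tok in argv:
        if tok == "--":
            break
        if tok.startswith("--"):
            if tok.split("=", 1)[0] in DENIED_LONG:
                raise TamperedStartup(f"option {tok!r} is not permitted")
        elif tok.startswith("-") and len(tok) > 1:
            if len(tok) > 2:
                raise TamperedStartup(f"clustered short option {tok!r} refused")
            if tok in DENIED_SHORT:
                raise TamperedStartup(f"option {tok!r} is not permitted")
    return list(argv)


def is_permitted(argv):
    """Boolean convenience wrapper around sanitize_argv."""
    try:
        sanitize_argv(argv)
    except TamperedStartup:
        return False
    return True


def sanitize_env(env):
    """Copy env with the variables the message names as tamper vectors removed."""
    return {k: v for k, v in env.items() if k not in DENIED_ENV}


def build_command(argv, env):
    """Validate caller-supplied argv and env and return (command, environment).

    --ramdb (-d) is added when absent so the instance runs from an in-memory
    repository, the workaround the message suggests for users who can touch
    the profile directory outside Chandler."""
    clean = sanitize_argv(argv)
    if "--ramdb" not in clean and "-d" not in clean:
        clean = ["--ramdb"] + clean
    return [CHANDLER_EXE] + clean, sanitize_env(env)


def main():
    try:
        cmd, env = build_command(sys.argv[1:], os.environ)
    except TamperedStartup as exc:
        sys.exit(f"refusing to start Chandler: {exc}")
    # execve with an explicit env means an inherited PARCELPATH never
    # reaches the Chandler process.
    os.execve(cmd[0], cmd, env)


if __name__ == "__main__":
    main()
```

Run it in place of the Chandler executable, e.g. `python launcher.py --ramdb`; a call such as `python launcher.py --profileDir=/tmp/x` exits with a refusal before Chandler starts.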