Feature #71
Security mechanism for the configuration database
| Status: | Closed | Start: | 10/11/2009 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | 09/10/2010 | |
| Assigned to: |  Eduard Burtescu |
% Done: | 100% |
|
| Category: | Security | Spent time: | - | |
| Target version: | Foster Post-Release Milestone #1 | Estimated time: | 4.00 hours |
Description
Currently it is possible for any application in userspace to successfully run any query they like on the configuration database. This is incredibly insecure.
I would like to see a method through which only certain users are allowed full access to the configuration database. Additional protection still needs to be added to queries being run from userspace (checking for anything from buffer overflows to injection attacks). This fits in with the concept of the database being a core component of the operating system.
History
Updated by Matthew Iselin about 1 year ago
- Due date set to 09/10/2010
- Category set to Security
- Status changed from New to Assigned
- Assigned to set to Eduard Burtescu
- Target version set to Foster Post-Release Milestone #1
- Estimated time set to 4.00
Updated by Eduard Burtescu about 1 year ago
- % Done changed from 0 to 50
Now database access is restricted to root only (TUI can read its theme data because it's started as root).
However, we must find a way to deal with other applications. One database/application sounds reasonable.
Updated by Eduard Burtescu about 1 year ago
- Status changed from Assigned to Closed
- % Done changed from 50 to 100