|
| From: | Riccardo Mottola |
| Subject: | Re: GNUstep introduces a serious security problem |
| Date: | Tue, 17 Mar 2009 23:32:40 +0100 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20090313 SeaMonkey/1.1.14 |
Hello Torli,Objective-C doesn't handle "IO" differently than C: it uses system calls. So I don't see any "obvious" problems. Without further knowing your code, I think either you hit an operating system bug or misconfiguration or your bug is of different nature than what your are saying.
Please provide a simple example. Regards, Riccardo Torli Birnbauer wrote:
I have just started to learn the GNUstep's development environment and I
have in my very first program stumbled across a serious security problem
in the way Objective-C handles IO. Obviously, Objective-C does not
honour Unix file permissions. You can reproduce this problem on
Unix/Linux systems by setting {{ chmod 000 /some/dir/your.data }}, and
then run the example program in the GNUstep documentation page (Base
Programming Manual/The Objective-C Language) under "2.8.5 Loading and
Saving Strings" by setting the path to {{ /some/dir/your.data }}.
Torli
| [Prev in Thread] | Current Thread | [Next in Thread] |