At 12:37 AM 8/2/2001 -0700, SRE wrote:
>Note that INDEX_READ_ONLY must be defined to wipe out the write routines.
>The executable WAS different, unlike with your suggestion.
Oh, I just looked at 1.3.2-PHRASE and 2.0.5. In 1.3.2 there are some #ifdefs
for INDEX_READ_ONLY but the end result is the same as in 2.0.5 - they are
very similar, just that 2.0.5 uses the file name instead of a #define to
decide what code to execute. It's all still there in 2.1-dev - take a look
at the code.
>Look, I won't try to convince you it's better. You clearly don't
>think so. On the other hand, you appear to have removed a feature
>that others DO think is useful (and for no apparent reason other
>than you don't plan to use it). Is that wise? Is it optimal?
Well, I didn't touch it.
I'm just pointing out that if the process (user) running swish has
permissions to write an index, it doesn't matter if the user is running
swish-e or swish-search because they can just type rm -rf / anyway. If a
CGI user can manage to pass -m or -i to swish when the script isn't supposed
to, then they can probably pass rm -rf /, too.
But like I said, I agree that for sysadmins it's a good feature. "Yes, we
can run the safe version." But for CGI programmers it might provide a
false sense of security. But, of course, programmers that fall into that
thinking probably have other security problems.
Received on Thu Aug 2 13:48:31 2001