Chapter Seventeen. Security

If I had a nickel each time somebody asked for a feature that was a security hole ...

I’d have a lot of nickels.

We begin this chapter by looking at features that are actually security holes and then move on to other security-related matters.

World-writable files

“I want a file that all users can write to. My program will use it as a common database of goodies.”

This is a security hole. For a start, there’s an obvious denial-of-service attack by having a user open the file in exclusive mode and never letting go. There’s also a data-tampering attack, where the user opens the file and writes zeros all over it or merely alters the data in subtle ways. Your music index suddenly lost all its Britney Spears songs. (Then ...
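An added example, not from the book: a PowerShell function that audits a directory tree for files whose access control list lets broad groups write to them, which is the "common database" arrangement described above. The function name `Find-WorldWritableFile` and the choice of which principals count as "all users" are assumptions made for this illustration.

```powershell
# Added example (not from the book). Flags files whose DACL lets broad
# principals write, the "file that all users can write to" setup.
# Assumption: the caller supplies the directory to audit via -Path.
function Find-WorldWritableFile {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SIDs, used instead of names so the check is locale-independent.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # Rights that allow altering or deleting the file, or rewriting its ACL.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights](
        'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership')
    # Unmapped generic bits can also appear in an ACE: GENERIC_WRITE, GENERIC_ALL.
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        try { $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop }
        catch { return }   # ACL not readable: skip this file

        # Ask for SIDs rather than translated account names.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and
                $broadSids.ContainsKey($sid) -and
                ([int]$rule.FileSystemRights -band $writeMask) -ne 0) {
                [pscustomobject]@{
                    File      = $file.FullName
                    Principal = $broadSids[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}
```

The function reports allow entries only and does not compute effective access, so a matching deny entry or a restrictive share permission can still block the write. An `Inherited` value of `True` means the grant comes from a parent folder and has to be fixed there.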
