[tahoe-dev] Fwd: [cap-talk] Don't put capabilities in argv?
Rob Meijer
capibara at xs4all.nl
Tue Jul 22 11:23:17 PDT 2008
On Tue, July 22, 2008 02:27, zooko wrote:
> > For these two, I learned this lesson the hard way that having a race
> > condition means having an exploitable race condition. Don't spend
> > precious development time or resources and/or add complexity to your
> > program to 'reduce the window', it is simply not worth it IMHO.
>
> Could you tell us more about what you learned the hard way? It sounds
> plausible to me that a narrow window of vulnerability could lead to
> trouble, but I would like to know to what degree it actually did lead
> to trouble in practice.
In my experience it seems that code designed to 'reduce the window' will:
* hide the flaw from regular users.
* not provide a real obstacle for someone wanting to exploit the
remaining race condition.
* reduce the general maintainability of the codebase by adding hard-to-
understand code.
Rob
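The point above, that a race window can only be removed rather than shrunk, is easiest to see on the classic check-then-use file race. The following Python is an added example, not code from this thread or from Tahoe: `racy_open` inspects a path and then opens it by name, `safe_open` opens first and inspects the descriptor it actually holds. The `during_window` hook is an assumption made so the demonstration is deterministic; in real code that gap is whatever another process does while this one is descheduled, and making the gap shorter changes how often it is hit, not whether it exists.

```python
import errno
import os
import stat
import tempfile


def racy_open(path, during_window=None):
    """Check-then-use: inspect the name, then open the name.

    `during_window` (assumed hook) runs between the check and the use to
    stand in for the scheduler. Any amount of extra checking before the
    open() leaves the same gap in place.
    """
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing non-regular file: %s" % path)
    if during_window is not None:
        during_window()
    with open(path, "rb") as f:
        return f.read()


def safe_open(path):
    """Open first, then validate the object the descriptor refers to.

    O_NOFOLLOW makes the open itself fail with ELOOP if the final path
    component is a symlink, and fstat() looks at the opened object rather
    than the name, so there is no window in which the name can be rebound.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing non-regular file: %s" % path)
        return os.read(fd, 4096)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: two files in a temp dir; the checked name is
    rebound to a symlink inside the window.

    Returns (safe read before rebind, racy read across the rebind,
    errno name raised by the safe variant after the rebind).
    """
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "w") as f:
            f.write("public")
        with open(secret, "w") as f:
            f.write("secret")

        before = safe_open(public)  # regular file: read succeeds

        def rebind():
            # What the window allows: the name now resolves elsewhere.
            os.remove(public)
            os.symlink(secret, public)

        racy = racy_open(public, during_window=rebind)  # check passed, wrong file read

        try:
            safe_open(public)
            after = "no error"
        except OSError as e:
            after = errno.errorcode.get(e.errno, str(e.errno))
        return before, racy, after


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(b"public", b"secret", "ELOOP")`: the check in `racy_open` passed and the open still read the other file, while `safe_open` has no step at which the name is trusted after being checked, so the rebind is refused by the kernel instead of by a guard that a scheduler can slip past.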