[tahoe-dev] up with filesystems! up with the web!
David-Sarah Hopwood
david-sarah at jacaranda.org
Thu Dec 31 13:38:36 PST 2009
David-Sarah Hopwood wrote:
> Chimpy McSimian IV, Esq. wrote:
>> Also, I think users *do* understand filesystems pretty well.
>
> They understand some subset of filesystem semantics, but most users
> don't understand the edge cases. Also, many programmers don't understand
> them, which leads them to write code that is insecure when these cases
> occur (e.g. symlink race conditions).
I should add that it is rather difficult to write code that is secure
against such attacks even if you *do* understand filesystem semantics.
But if you don't, then there's no chance.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
Url : http://allmydata.org/pipermail/tahoe-dev/attachments/20091231/e4408f1b/attachment.pgp
More information about the tahoe-dev
mailing list