gconf brain death (was Re: [linux-elitists] Yet another mozilla atrocity)

Jason Spence jspence@lightconsulting.com
Wed Oct 1 03:30:54 PDT 2003


On Wed, Oct 01, 2003 at 08:12:04PM +1000, Tim Potter wrote: 
> On Wed, Oct 01, 2003 at 11:03:53AM +0100, Peter Whysall wrote:
> 
> > The GConf database is *nothing* at all like the Windows Registry apart
> > from the fact that it's tree-structured. There are no operating system
> > values in it, it's not binary data, there's no GUIDs, it doesn't handle
> > filetypes, etc, etc.
> 
> Since no-one else has pointed it out and I have just remembered, there
> is also a security descriptor on every registry key.

Actually, pretty much every kernel object (mutexes, named pipes,
files, com instances, etc) has a SD.  However, the vast majority are
inherited from a root object or they default to a hard coded SD
somewhere; there isn't space allocated for a SD for every single
registry key.  XP's regedit has a field in the advanced security
dialog for viewing the source of the inherited permissions, if you're
interested.  You'll note that most of the keys inherit from their
corresponding root hive, and there are few examples of SDs associated
with non-root keys.

The merits of being able to have that kind of fine-grained control
over access rights to configuration options is debatable (I personally
have never needed it and can't ever really seeing myself using it) but
I think real sin is forcing the security stuff to be mandatory
parameters to the Reg* APIs.  Most of the Win32 API is like that,
actually.  I don't know if it's my unix background or what, but I'm of
the opinion that all that stuff should be accessible via a separate
API call or an Ex function.  I'm not sure at all that making it
mandatory increases "security".  The majority of the code I've seen
just uses ~0, NULL, or MAXIMUM_ALLOWED...

-- 
 - Jason                            Currently at: Somewhere on the Internet ()

Honk if you love peace and quiet.



More information about the linux-elitists mailing list