> 3. Is the XML library a security risk? Would it be ok use it for
> configuration
> storage/processing?
Fedora libxml2 security advisory:
http://lwn.net/Articles/108832/
If the config files are only editable by root anyway, then there
isn't any additional exposure. If a privileged process is
reading XML files generated by non-privileges users, then there
is the potential of a privilege-elevation attack (maybe not with
this particular vulnerability, but there could be others).
I'd say if you don't need the flexibility and structure of an
XML format, go with the simpler shell script setting env vars
format.
Later,
Kenn
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
