LinuxLock.org: Interview with Jasta: coder of Gnapster
Aug 04, 2000, 15:34
[ Thanks to Chris Carella for this link. ]
"Since the invention of Napster, Peer to Peer sharing has been on all of our security-conscious minds... Is this safe? Can this program allow my network to be compromised? Was security an issue when these Apps were created? Well, with all the news surrounding Napster we decided to get the scoop on the World's favorite peer to peer app, and of course we did it with a Linux Spin... we interviewed Jasta, creator of Gnapster, the GNOME Napster client, a Linux hero (in the sense that he brought a good Napster client to us Linux users), about the security concerns of Gnapster/Napster, the feedback of Open Source security hackers, and how much he thought about security when coding Gnapster."
"Linuxlock: Did you have security in mind when you were coding Gnapster?
Jasta: Actually, when I first started coding Gnapster I didn't really have anything in mind but trying to replace that god awful closed source console nap client. As the development went on I became more and more aware of things like security, coding style, and portability."
"Linuxlock: Have you gotten any feedback about security from the community?
Jasta: Well, as I'm sure you know, Gnapster made headlines on Security Focus because of a remote exploit that enabled users to view arbitrary files on the system so long as the user that ran Gnapster could access it. This problem was easy to overlook because when a request comes in I initially assumed (protocol standard) that the server had already authorized the request. A security specialist brought it to my attention that this could be remotely exploited and I immediately released a new version with the fix (even before it was on Security Focus). Any security-conscious individual would not be affected ;)"