[ Thanks to Chris
Carella for this link. ]
“Since the invention of Napster, Peer to Peer sharing has been
on all of our security concious minds… Is this safe? Can this
program allow my network to be comprimised? Was security an issue
when these Apps were created? Well, with all the news surrounding
Napster we decided to get the scoop on the World’s favorite peer to
peer app, and of course we did it with a Linux Spin… we
interviewed Jasta, creator of Gnapster, the gnome napster client,
an linux hero (in the sense that he brought a good Napster client
to us Linux users), about the security concerns of
Gnapster/Napster, the feedback of Open Source security hackers, and
how much he thought about security when coding Gnapster.”
“Linuxlock: Did you have security in mind when
you were coding Gnapster?
Jasta: Actually, when I first started coding
Gnapster I didn’t really have anything in mind but trying to
replace that god awful closed source console nap client. As the
development went on I became more and more aware of things like
security, coding style, and portability.”
“Linuxlock: Have you gotten any feedback about
security from the community?
Jasta: Well, as I’m sure you know, Gnapster
made headlines on Security Focus because of a remote exploit that
enabled users to view arbitrary files on the system so long as the
user that ran Gnapster could access it. This problem was easy to
overlook because when a request comes in I initially assumed
(protocol standard) that the server had already authorized the
request. A security specialist brought it to my attention that this
could be remotely exploited and I immediately released a new
version with the fix (even before it was on security focus). Any
security-conscious individual would not be affected ;)”