$darkmode
Elektra 0.11.0
|
Security is a very important point in libraries. In most use cases there is nearly no point of danger in using Elektra. But some a very security related, especially when you use a daemon or some kind of distributed configuration.
We only use access permissions from the kernel, we do not add an additional layer (or daemon). So configuration file access is as secure as with direct access to configuration files.
Elektra by default guarantees that configuration from specific namespaces come from respective paths in the file system:
dir
-namespace: from current working directoryuser
-namespace: from users home directorysystem
or spec
-namespace: no restrictionsEnvironment variables are usually avoided, but instead Elektra itself is used to configure Elektra. The core is not allowed to use any environment variables.
For some plugins, however, Environment variables are used for better integration in systems. This might be a security risk.
Can be changed using standard CMake ways. Some hints:
https://wiki.debian.org/Hardening
We use Valgrind (--tool=memcheck
) and ASAN (clang+gcc) to make sure that Elektra does not suffer memory leaks and incorrect memory handling.