[IAEP] A security vs. functionality question
Gary C Martin
gary at garycmartin.com
Thu Aug 6 17:38:25 EDT 2009
Hi Benjamin,
On 6 Aug 2009, at 19:28, Benjamin M. Schwartz wrote:
> To engineers:
> Is sharing an activity a sufficient indication of intent from the
> user to
> execute a potentially dangerous action, such as sharing Terminal on a
> public collaboration server? To activate a remote VNC client in
> Gnome,
> users must fill out this settings panel:
> http://www.bani.com.br/wp-content/uploads/2007/11/vino-p-g.png .
> Unlike
> an Activity, though, once those settings are made, the desktop is
> permanently shared. An Activity can easily be stopped by a single
> click
> at any time.
This seems _highly_ risky to me, and have a fairly low usability value
as is.
How are two (or more!) remote individuals expected to co-operate and
share the same command line and not mess up? I can see value in a
split screen where everyone can see the terminal text, with the split
screen acting as a chat session, but only the owner able to type in
the command line area. That way one or more buddies can watch and
assist the owner performing some task.
FWIW: Terminal is special cased, even in Rainbow, anyone can sudo; rm -
rf / and wipe the lot.
Regards,
--Gary
More information about the IAEP
mailing list