[sugar] Integration with web apps (and Moodle specifically!)

Ian Bicking ianb
Mon Sep 4 16:32:59 EDT 2006


Ivan Krstić wrote:
>> peer-to-peer code sharing that isn't entirely trusted (and I'm not sure
>> how feasible that is) then we'll need to really consider the security of
>> those communications.
> 
> It seems like the Sugar guys want to do this, but they're not providing
> a security model, nor an explanation of how they're addressing it.
> They're implementing mobile agents, and well, the security industry
> learned in the '90s that mobile agents don't work well at all. So, I'd
> like to see some careful thought about security from them really soon,
> or I'll be screaming murder.

Brett Cannon has been doing some work on a Python interpreter that has 
limited capabilities; i.e., the entire interpreter is hobbled so it 
can't open files or do anything to affect the system, unless (I think) C 
modules are specifically loaded to give it abilities.  Kind of how 
Javascript works.  At least, I think Brett has been working on something 
like that.  I don't know the status.  I'll copy him to find out.

With RPC and some security around RPC, this could be a useful strategy.
I'm not sure if PyGTK would be safe enough to expose to untrusted code
-- it seems like it's exposing a lot, and I don't know if GTK is robust
enough or written with that kind of use in mind.  Providing higher-level
known-safe interfaces would be possible, but using a restricted
interpreter you couldn't write those higher level interfaces in Python.
They'd either have to be out-of-process (back to RPC, and I don't know
if writing a GUI app over RPC is reasonable), or the higher level
interfaces would have to be written in something like C or Pyrex.  Which
may be feasible.

Running untrusted code is very interesting, but also scary.  OTOH, 
anything we can do to make untrusted Python code possible also could be 
helpful as an introductory environment where children can safely 
experiment with little danger of causing problems with their system.


-- 
Ian Bicking | ianb at colorstudy.com | http://blog.ianbicking.org
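
The out-of-process option discussed in this message, sketched as an added example (not code from the thread or from Sugar): a trusted broker that accepts JSON requests from untrusted code and forwards only allowlisted, argument-checked calls to a high-level interface. `Canvas`, the method names and the limits are hypothetical; the transport and the sandboxing of the untrusted process itself are out of scope.

```python
import json

MAX_REQUEST_BYTES = 4096  # constructed limit on what the untrusted side may send

class Canvas:
    """Stand-in for the trusted GUI side (hypothetical; no real toolkit calls)."""
    def __init__(self):
        self.ops = []
    def show_text(self, text):
        self.ops.append(("text", text))
        return len(self.ops)
    def draw_rect(self, x, y, w, h):
        self.ops.append(("rect", x, y, w, h))
        return len(self.ops)

def _is_coord(v):
    # bool is a subclass of int, so exclude it explicitly
    return isinstance(v, int) and not isinstance(v, bool) and 0 <= v <= 1200

# Allowlist: method name -> one validator per positional argument.
ALLOWED = {
    "show_text": [lambda v: isinstance(v, str) and len(v) <= 200],
    "draw_rect": [_is_coord] * 4,
}

def handle_request(canvas, raw):
    """Validate one JSON request (bytes) from untrusted code; return a JSON reply."""
    def error(msg):
        return json.dumps({"ok": False, "error": msg})
    if len(raw) > MAX_REQUEST_BYTES:
        return error("request too large")
    try:
        req = json.loads(raw)
    except (ValueError, RecursionError):  # bad JSON, bad UTF-8, or deep nesting
        return error("malformed JSON")
    if not isinstance(req, dict):
        return error("request must be an object")
    method, args = req.get("method"), req.get("args")
    validators = ALLOWED.get(method) if isinstance(method, str) else None
    if validators is None:
        return error("method not allowed")
    if not isinstance(args, list) or len(args) != len(validators):
        return error("wrong argument count")
    if not all(check(a) for check, a in zip(validators, args)):
        return error("invalid argument")
    # Only allowlisted names reach getattr, so names like "__class__" never do.
    result = getattr(canvas, method)(*args)
    return json.dumps({"ok": True, "result": result})
```

Only plain data crosses the boundary in either direction, so the untrusted side never holds a reference to a trusted object.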

