[sugar] Web activity not containerized?

Albert Cahalan acahalan
Sat Dec 22 20:14:16 EST 2007


Michael Stone writes:

> On Sat, Dec 22, 2007 at 11:29:40PM +0100, Bert Freudenberg wrote:

>> Why not simply run it as the same (non-olpc) user every time?
>>
>> - Bert -
>
> I don't personally want to provide such an option
> because I consider it prone to abuse.

I'm not seeing much of a problem here.

Running an activity as the same user every time will not offer
a way for that activity to attack any other activity. This should
be the major concern.

If an activity opens itself up for attack, then the author of
that activity doesn't get a gold star. The activity is not a
good example to learn from. In general though, the activity is
not a problem. There is no critical need to protect activities
from themselves.

(actually the browser is special, but nobody has proposed to
start a new instance for each web site visited -- the browser
is already handling multiple security contexts under one UID)

There is a minor benefit. For example, sharing one instance of
a buggy activity should not expose an unshared instance of that
activity to attack. Thus, distinct UID is a good default.

Letting the *.xo file request a single UID is a good idea.
This helps get initial ports running.
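The argument above turns entirely on the UID being the principal that the kernel's discretionary access control consults. The following is an added illustration, not Sugar or Rainbow code and not part of the original message: it models the simplified Linux DAC decision (owner class, then group class, then other, with uid 0 bypassing) and applies it to three assumed UID-assignment policies ("single" shared user, one UID per activity, one UID per activity instance). The activity names, the base UID and the private-group layout are assumptions chosen for the example.

```python
"""Added example: POSIX DAC applied to three UID-assignment policies.
Not Sugar/Rainbow code; policy names, UIDs and activity names are assumed."""
from dataclasses import dataclass

R_OK, W_OK, X_OK = 4, 2, 1            # same bit values as os.R_OK / os.W_OK / os.X_OK


@dataclass(frozen=True)
class Cred:
    uid: int
    gid: int
    groups: frozenset = frozenset()   # supplementary groups


@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int                         # permission bits only, e.g. 0o700


def dac_allows(cred, inode, want):
    """Simplified generic_permission(): uid 0 bypasses (CAP_DAC_OVERRIDE);
    otherwise exactly one class is consulted, so an owner whose class denies
    is not rescued by a more permissive 'other' class."""
    if cred.uid == 0:
        return True
    if cred.uid == inode.uid:
        bits = (inode.mode >> 6) & 7
    elif cred.gid == inode.gid or inode.gid in cred.groups:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return bits & want == want


# Assumed activity set and UID layout for the example.
ACTIVITIES = ["Browse", "Chat", "Write"]
BASE_UID = 10000


def uid_for(policy, activity, instance):
    """Map (activity, running instance) to a UID under an assumed policy."""
    a = ACTIVITIES.index(activity)
    if policy == "single":            # same non-olpc user for every activity
        return BASE_UID
    if policy == "per-activity":      # fixed UID, e.g. requested by the .xo bundle
        return BASE_UID + 1 + a
    if policy == "per-instance":      # fresh UID for every launch
        return BASE_UID + 100 * (1 + a) + instance
    raise ValueError(policy)


def cred_for(policy, activity, instance):
    uid = uid_for(policy, activity, instance)
    return Cred(uid=uid, gid=uid)     # assumed private per-UID group


def private_file(policy, activity, instance):
    """The instance's own data file, created mode 0700 by that instance."""
    c = cred_for(policy, activity, instance)
    return Inode(uid=c.uid, gid=c.gid, mode=0o700)


def can_read(policy, attacker, victim):
    """Can instance `attacker` (activity, n) read the private file of `victim`?"""
    return dac_allows(cred_for(policy, *attacker), private_file(policy, *victim), R_OK)


def isolation_matrix(policy, instances):
    """For every ordered pair of instances, whether the first can read the
    second's private file.  The diagonal (self-access) is always True."""
    return {(a, v): can_read(policy, a, v) for a in instances for v in instances}


if __name__ == "__main__":
    shared_browse, unshared_browse, chat = ("Browse", 0), ("Browse", 1), ("Chat", 0)
    for policy in ("single", "per-activity", "per-instance"):
        print(policy,
              "Browse#0->Browse#1:", can_read(policy, shared_browse, unshared_browse),
              "Chat#0->Browse#1:", can_read(policy, chat, unshared_browse))
```

Under "per-activity" the shared and unshared Browse instances are the same principal, so a bug reachable through the shared one also reaches the unshared one's files; under "per-instance" that pair is denied while each instance still reads its own data. That is the "minor benefit" the message describes, expressed as the DAC check the kernel actually makes.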



More information about the Sugar-devel mailing list