[sugar] [OLPC Security] Web activity not containerized?
Michael Stone
michael
Sat Dec 22 21:33:43 EST 2007
On Sat, Dec 22, 2007 at 09:15:02PM -0500, Marcus Leech wrote:
> The activity that I "fear" the most from the point of view of getting
> "compromised" (that is, remote-code-execution)
> is Browse. And our band-aid is to de-isolate it. I understand *why*,
> but it still seems a little nausea-making to me.
Help me get out from under #5033 in a reasonably solid fashion and I'll
be happy to devote more energy toward finding a solution for #5489 that
makes us happy.
My approach thus far is available at
http://dev.laptop.org/git/users/mstone/nss-rainbow
Progress has been slow to date because the API is not very well
documented, I'm paranoid about memory errors, and I'm even more paranoid
about concurrency.
(Note: I also considered libnss-sqlite but decided that since
a) it looked rather unmaintained to me, and
b) I'm not a proficient SQL writer,
it would be unlikely to lead to any productivity gain if I'm doing the
implementation.)
Michael
More information about the Sugar-devel
mailing list