[sugar] [OLPC Security] Web activity not containerized?
C. Scott Ananian
cscott
Sun Dec 23 17:00:02 EST 2007
On Dec 22, 2007 9:33 PM, Michael Stone <michael at laptop.org> wrote:
> On Sat, Dec 22, 2007 at 09:15:02PM -0500, Marcus Leech wrote:
> > The activity that I "fear" the most from the point of view of getting
> > "compromised" (that is, remote-code-execution)
> > is Browse. And our band-aid is to de-isolate it. I understand *why*,
> > but it still seems a little nausea-making to me.
>
> Help me get out from under #5033 in a reasonably solid fashion and I'll
> be happy to devote more energy toward finding a solution for #5489 that
> makes us happy.
>
> My approach thus far is available at
>
> http://dev.laptop.org/git/users/mstone/nss-rainbow
>
> Progress has been slow to date because the API is not very well
> documented, I'm paranoid about memory errors, and I'm even more paranoid
> about concurrency.
>
> (Note: I also considered libnss-sqlite but decided that since
> a) it looked rather unmaintained to me, and
> b) I'm not a proficient SQL writer,
> it would be unlikely to lead to any productivity gain if I'm doing the
> implementation.)
I recommended in the comments to 5033 that, for update.1, we simply
move /activities to /security/activities and log the user/group
additions to a file in /security. olpc-configure can replay the log
on upgrade. This can be done in Python, preventing memory errors, and
the log additions are easy to make atomic with lockf.
--scott
--
( http://cscott.net/ )
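
The log-and-replay approach described in the message above, sketched as an added example (not code from the original post or from OLPC). The record format `kind name id`, the function names, and the sample ids are assumptions; the demo writes to a temporary directory rather than /security.

```python
import fcntl
import os
import tempfile

KINDS = ("user", "group")

def append_entry(log_path, kind, name, ident):
    """Append one 'kind name id' record while holding an exclusive lock."""
    if kind not in KINDS or not name.isalnum():
        raise ValueError("refusing to log malformed entry")
    line = ("%s %s %d\n" % (kind, name, int(ident))).encode("ascii")
    fd = os.open(log_path, os.O_RDWR | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        fcntl.lockf(fd, fcntl.LOCK_EX)   # blocks until other writers are done
        size = os.fstat(fd).st_size
        if size and os.pread(fd, 1, size - 1) != b"\n":
            os.write(fd, b"\n")          # close off a record torn by a crash
        os.write(fd, line)
        os.fsync(fd)                     # on disk before the lock is dropped
    finally:
        os.close(fd)                     # closing the fd releases the lock

def replay(log_path):
    """Return [(kind, name, id), ...] in log order, skipping damaged lines."""
    with open(log_path, "rb") as f:
        fcntl.lockf(f, fcntl.LOCK_SH)    # do not read a half-written record
        data = f.read()
    entries = []
    for raw in data.split(b"\n")[:-1]:   # final piece is empty or unterminated
        parts = raw.decode("ascii", "replace").split(" ")
        if (len(parts) == 3 and parts[0] in KINDS
                and parts[1].isalnum() and parts[2].isdigit()):
            entries.append((parts[0], parts[1], int(parts[2])))
    return entries

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "accounts.log")
    append_entry(path, "user", "browse", 10001)
    with open(path, "ab") as f:
        f.write(b"group bro")            # constructed torn write
    append_entry(path, "group", "browse", 10001)
    for entry in replay(path):
        print(entry)
```

The caller that turns replayed entries back into accounts on upgrade is left out; it should treat the log as untrusted input and re-validate each entry, as `replay` does.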