[sugar] [OLPC Security] Web activity not containerized?

C. Scott Ananian cscott
Sun Dec 23 17:00:02 EST 2007


On Dec 22, 2007 9:33 PM, Michael Stone <michael at laptop.org> wrote:
> On Sat, Dec 22, 2007 at 09:15:02PM -0500, Marcus Leech wrote:
> > The activity that I "fear" the most from the point of view of getting
> > "compromised" (that is, remote-code-execution)
> >   is Browse.  And our band-aid is to de-isolate it.  I understand *why*,
> > but it still seems a little nausea-making to me.
>
> Help me get out from under #5033 in a reasonably solid fashion and I'll
> be happy to devote more energy toward finding a solution for #5489 that
> makes us happy.
>
> My approach thus far is available at
>
>   http://dev.laptop.org/git/users/mstone/nss-rainbow
>
> Progress has been slow to date because the API is not very well
> documented, I'm paranoid about memory errors, and I'm even more paranoid
> about concurrency.
>
> (Note: I also considered libnss-sqlite but decided that since
>   a) it looked rather unmaintained to me, and
>   b) I'm not a proficient SQL writer,
> it would be unlikely to lead to any productivity gain if I'm doing the
> implementation.)

I recommended in the comments to 5033 that, for update.1, we simply
move /activities to /security/activities and log the user/group
additions to a file in /security.  olpc-configure can replay the log
on upgrade.  This can be done in Python, preventing memory errors, and
the log additions are easy to make atomic with lockf.
 --scott
-- 
                         ( http://cscott.net/ )
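
The log-and-replay scheme proposed in the message above, as an added example; it is not code from the post, from Rainbow or from olpc-configure. The record format, the name pattern and the function names are assumptions, and the log path is whatever file under /security the caller chooses.

```python
import fcntl
import os
import re

# Assumed record format (not from the post): "<user|group> <name> <id>\n"
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed name policy

def log_addition(log_path, kind, name, ident):
    """Append one record while holding an exclusive lockf lock."""
    ident = int(ident)
    if kind not in ("user", "group") or ident < 0:
        raise ValueError("bad kind or id")
    if not NAME_RE.fullmatch(name):
        raise ValueError("unsafe name: %r" % (name,))
    record = ("%s %s %d\n" % (kind, name, ident)).encode("ascii")
    # O_APPEND puts every write at end-of-file; the lock serialises writers.
    fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        fcntl.lockf(fd, fcntl.LOCK_EX)
        os.write(fd, record)
        os.fsync(fd)  # flush the record to disk before releasing the lock
    finally:
        fcntl.lockf(fd, fcntl.LOCK_UN)
        os.close(fd)

def replay(log_path, apply):
    """Call apply(kind, name, ident) for each complete record; return count."""
    count = 0
    with open(log_path, "r", encoding="ascii") as f:
        fcntl.lockf(f, fcntl.LOCK_SH)  # wait out any writer mid-append
        try:
            for line in f:
                if not line.endswith("\n"):
                    break  # torn last record (e.g. power loss): ignore it
                parts = line.split()
                if (len(parts) != 3 or parts[0] not in ("user", "group")
                        or not NAME_RE.fullmatch(parts[1])
                        or not parts[2].isdigit()):
                    continue  # skip malformed lines rather than trust them
                apply(parts[0], parts[1], int(parts[2]))
                count += 1
        finally:
            fcntl.lockf(f, fcntl.LOCK_UN)
    return count
```

The `apply` callback should be idempotent (create the user or group only if it is missing), since the log is replayed from the start on every upgrade.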