[sugar] Re: DOS via D-Bus

Bert Freudenberg bert
Wed Mar 21 19:39:46 EDT 2007


On Mar 22, 2007, at 0:26 , John (J5) Palmieri wrote:

> On Thu, 2007-03-22 at 00:14 +0100, Bert Freudenberg wrote:
>> On Mar 20, 2007, at 19:08 , John (J5) Palmieri wrote:
>>
>
>> Well, SJ asked for simple etoy project launching by clicking on a
>> link in a web page. And when that project is run, it can execute
>> arbitrary Squeak code, so without specific counter-measures it could
>> freely access d-bus. It's pretty much as if you'd download and
>> execute arbitrary Python code.
>>
>> Before loading a foreign project we enable the squeak sandbox, which
>> for example limits file access to one specific scratch directory. A
>> project is considered foreign if it was not signed with the user's
>> private key (this is the key that is generated when running etoys for
>> the first time). So if you're saying restricting d-bus access would
>> still be valuable, we could arrange that only a specific set of d-bus
>> messages could be sent or received once the sandbox is enabled.
>
> If we used SELinux this would be easy.  We would simply confine any
> remote app and define system wide rules to what dbus interfaces and
> names they could access.  This should not be done by the squeak sandbox.
> If we have vserver and the vserver guys get me the patch to D-Bus this
> should be possible also.

Cool - one thing less to worry about for us then :)

- Bert -



