[sugar] Congratulations! but Sugar sucks

Mikus Grinbergs mikus
Thu Jul 24 14:38:00 EDT 2008


I'm not familiar with the details of the Rainbow implementation, but 
I question this claim:

> Sugar, as it currently stands, is among the least secure operating systems
> ever, far less secure than any modern Linux or Windows OS.  I can easily
> write an Activity that, when run by the user, escalates to root privileges
> and does anything I like with the system.

My understanding was that something called an 'Activity' would be 
assigned its own userid-groupid.  The standard Linux permissions 
would prevent such an 'Activity' from messing up the system.

I agree that "as of this date", the 'su' (or its equivalent) 
provision sucks -- a decision has been made that the kid does not 
have to enter a password,  even if one has been defined for root. 
But that can be improved to not remain the 'least secure ever'.

mikus




More information about the Sugar-devel mailing list