[sugar] Congratulations! but Sugar sucks
Mikus Grinbergs
mikus
Thu Jul 24 14:38:00 EDT 2008
I'm not familiar with the details of the Rainbow implementation, but
I question this claim:
> Sugar, as it currently stands, is among the least secure operating systems
> ever, far less secure than any modern Linux or Windows OS. I can easily
> write an Activity that, when run by the user, escalates to root privileges
> and does anything I like with the system.
My understanding was that something called an 'Activity' would be
assigned its own userid-groupid. The standard Linux permissions
would prevent such an 'Activity' from messing up the system.
I agree that "as of this date", the 'su' (or its equivalent)
provision sucks -- a decision has been made that the kid does not
have to enter a password, even if one has been defined for root.
But that can be improved to not remain the 'least secure ever'.
mikus
More information about the Sugar-devel
mailing list