[Sugar-devel] [IAEP] A security vs. functionality question
Luke Faraone
luke at faraone.cc
Thu Aug 6 14:59:05 EDT 2009
On Thu, Aug 6, 2009 at 14:28, Benjamin M. Schwartz <bmschwar at fas.harvard.edu
> wrote:
> Is sharing an activity a sufficient indication of intent from the user to
> execute a potentially dangerous action, such as sharing Terminal on a
> public collaboration server? To activate a remote VNC client in Gnome,
> users must fill out this settings panel:
> http://www.bani.com.br/wp-content/uploads/2007/11/vino-p-g.png . Unlike
> an Activity, though, once those settings are made, the desktop is
> permanently shared. An Activity can easily be stopped by a single click
> at any time.
>
A malicious attacker can type at speeds which would allow malicious commands
to be injected without the user noticing until it is "too late".
Also, there is no method for "limited sharing".
--
Luke Faraone
http://luke.faraone.cc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sugarlabs.org/archive/sugar-devel/attachments/20090806/2bf9e233/attachment.htm
More information about the Sugar-devel
mailing list