[Sugar-devel] [IAEP] A security vs. functionality question

Luke Faraone luke at faraone.cc
Thu Aug 6 14:59:05 EDT 2009


On Thu, Aug 6, 2009 at 14:28, Benjamin M. Schwartz <bmschwar at fas.harvard.edu> wrote:

> Is sharing an activity a sufficient indication of intent from the user to
> execute a potentially dangerous action, such as sharing Terminal on a
> public collaboration server?  To activate a remote VNC client in Gnome,
> users must fill out this settings panel:
> http://www.bani.com.br/wp-content/uploads/2007/11/vino-p-g.png .  Unlike
> an Activity, though, once those settings are made, the desktop is
> permanently shared.  An Activity can easily be stopped by a single click
> at any time.
>


A malicious attacker can type at speeds which would allow malicious commands
to be injected without the user noticing until it is "too late".
Also, there is no method for "limited sharing".
-- 
Luke Faraone
http://luke.faraone.cc