[Sugar-devel] [IAEP] A security vs. functionality question
Benjamin M. Schwartz
bmschwar at fas.harvard.edu
Thu Aug 6 15:02:49 EDT 2009
Luke Faraone wrote:
> A malicious attacker can type at speeds which would allow malicious commands
> to be injected without the user noticing until it is "too late".
Certainly. Also, the system is implemented using GNU Screen, which
permits multiple parallel terminals. This is a very useful feature, but
it also means that someone may be typing in a different shell from the one
you're looking at.
I merely mean that users are less likely to leave such a shared activity
> Also, there is no method for "limited sharing".
Perhaps you are not aware of the Invitations mechanism? I can invite
people to an activity, and only those whom I have invited are aware of its
existence. Invitations were admittedly not very reliable in older
software versions; I haven't tried them recently.
I'm not precisely sure to what degree sharing scope is enforced by Telepathy.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: OpenPGP digital signature
Url : http://lists.sugarlabs.org/archive/sugar-devel/attachments/20090806/9e97bf8b/attachment.pgp
More information about the Sugar-devel