[Sugar-devel] [FEATURE] [DESIGN] Frame Panels
michael at laptop.org
Thu Dec 17 11:39:29 EST 2009
>>> Yes, but what about security? Right now the shell process only
>>> executes code in /usr, executing activities in a separate process.
>> Executing activities in separate processes provides no security
>> benefit unless the resulting processes are in some way isolated from the rest
>> of the system.
>Maybe I'm missing something here, but /usr read-only to the user, thus
>isolated from the running Sugar shell. Only root can add and modify
A couple of points for you:
* I'm still working from the statement of end-user security goals outlined in
* Access to root is usually unnecessary for violating these security goals.
Access to any of ~/.bashrc, ~/.xsession, ~/bin, /tmp, ".", ~/Desktop, the
browser cookie store, the X server, or the network usually suffices.
* Access to one process of uid A gives access to essentially all processes of
uid A via ptrace(). ptrace() also makes it quite easy to hide what's going
* You need to worry about both malicious extensions and benign-but-vulnerable
extensions. You als need to worry about them in different ways.
Are we still talking past one another?
More information about the Sugar-devel