[Sugar-devel] [GSoC] progress report

Benjamin M. Schwartz bmschwar at fas.harvard.edu
Wed Jun 3 17:31:03 EDT 2009


Lucian Branescu wrote:
> Also, now I'm more inclined to do the dbus functionality through
> pyxpcom, mostly because of security issues. This
> http://sandbox.movial.com/wiki/index.php/Browser_DBus_Bridge#Gecko_version_notes
> would provide dbus accessibility directly to javascript and I'd need
> to handle security around that.

Personally, I recommend that you not worry about this.  Sugar is designed
with the assumption that Activities can be arbitrary untrusted code, and
so they are run in jails that prevent them from taking actions not
explicitly permitted by the user.  This includes various kinds of D-Bus
actions.

I am not knowledgeable about the present state of D-Bus isolation in
Rainbow, but if it is insufficient it should be fixed in Rainbow, not in
the browser.

--Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
Url : http://lists.sugarlabs.org/archive/sugar-devel/attachments/20090603/7127cd05/attachment.pgp 


More information about the Sugar-devel mailing list