[Sugar-devel] RAM DoS

[Luke Faraone]

On Mon, Mar 9, 2009 at 7:05 PM, Michael Stone <michael at laptop.org> wrote:

>  as in there are no bindings for launching a rainbow'd application
>>
>  What is a "binding for launching a rainbow'd (sic. isolated) application"?
>

How do I install an application that is not a sugar bundle and request A)
that I be isolated and B) that I be given P_FOO and P_BAR?

Will drag-and-drop be considered a "opening action", since non-sugar
environments are not full-screen-is-one-window?


>  and most programs will be incompatible with it. (and will need source
>> changes)
>>
>
> Evidence, please?


By that I mean if you decided to launch, say OO.o, with Rainbow enabled it
would most likely fail to work properly without source changes. (at least
from my cursory reading of bitfrost.txt)

See also http://dev.laptop.org/git?p=security;a=blob;f=bitfrost.txt#l902 ,
many common desktop apps are "rare exceptions".

How do we handle file saving when we lack a journal? (what about temporary
backup files that need to persist in between runs, etc)

Also, the mutual exclusivity of P_DOCUMENT_RO and P_NET make apps like
F-Spot require custom exceptions. Possible solutions exist of course, such
as treating all distro packages as "signed", and therefor trusted to bypass
these exceptions.

By the way, doesn't rainbow require X server patches to function, or is
access control turned off? (as in how do the isolated apps write to X?)

-- 
Luke Faraone
http://luke.faraone.cc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sugarlabs.org/archive/sugar-devel/attachments/20090309/1f12e8eb/attachment.htm