[Sugar-devel] [ASLO] Release Read ETexts-19
Sascha Silbe
sascha-ml-ui-sugar-devel at silbe.org
Wed Mar 17 07:13:45 EDT 2010
On Tue, Mar 16, 2010 at 07:55:59PM -0500, James Simmons wrote:
> It would be nice if one of the things Activities were allowed to write
> to was external drives mounted on /media.
The only thing that might prevent that is Rainbow, which isn't installed
by default on any system running > 0.82 that I know of (and in
0.82-using OLPC builds it's supposed to allow access to /media [1]). So
while you cannot depend on it, it will work fine in most cases in the
near future.
> That would enable anyone to put together a Journal-like Activity and
> yet would probably not do too much harm securitywise.
I have to disagree, access to /media/* is equally sensitive as access to
the data store. It's even so similar that we might use the same set of
permissions for both.
FTR: Rainbow currently doesn't do anything special for /media. Sugar (or
probably the Gnome parts it's based on) mounts FAT filesystems in /media
with dmask=0077, thereby denying access to anyone but the primary user.
In combination this means access to /media/* is denied to activities
running on recent Sugar and Rainbow.
[1]
http://wiki.sugarlabs.org/go/Development_Team/Low-level_Activity_API#External_Media
CU Sascha
--
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
Url : http://lists.sugarlabs.org/archive/sugar-devel/attachments/20100317/25fb3fcf/attachment.pgp
More information about the Sugar-devel
mailing list