[Sugar-devel] [ASLO] Release Read ETexts-19

Sascha Silbe sascha-ml-ui-sugar-devel at silbe.org
Wed Mar 17 07:13:45 EDT 2010


On Tue, Mar 16, 2010 at 07:55:59PM -0500, James Simmons wrote:

> It would be nice if one of the things Activities were allowed to write
> to was external drives mounted on /media.
The only thing that might prevent that is Rainbow, which isn't installed 
by default on any system running > 0.82 that I know of (and in 
0.82-using OLPC builds it's supposed to allow access to /media [1]). So 
while you cannot depend on it, it will work fine in most cases in the 
near future.

> That would enable anyone to put together a Journal-like Activity and 
> yet would probably not do too much harm securitywise.
I have to disagree, access to /media/* is equally sensitive as access to 
the data store. It's even so similar that we might use the same set of 
permissions for both.

FTR: Rainbow currently doesn't do anything special for /media. Sugar (or 
probably the Gnome parts it's based on) mounts FAT filesystems in /media 
with dmask=0077, thereby denying access to anyone but the primary user. 
In combination this means access to /media/* is denied to activities 
running on recent Sugar and Rainbow.


[1] 
http://wiki.sugarlabs.org/go/Development_Team/Low-level_Activity_API#External_Media

CU Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
Url : http://lists.sugarlabs.org/archive/sugar-devel/attachments/20100317/25fb3fcf/attachment.pgp 


More information about the Sugar-devel mailing list