[Sugar-devel] A security vs. functionality question
christoph.derndorfer at gmail.com
Fri Aug 7 01:27:25 EDT 2009
On Fri, Aug 7, 2009 at 12:13 AM, Benjamin M. Schwartz <
bmschwar at fas.harvard.edu> wrote:
> Dear Educators and Engineers,
> To educators:
> How concerned are you about a feature that allows one student to invite
> others to play on their computer? Remote access is only granted if the
> user chooses to share a specific activity. The effect is similar to
> letting someone walk over and type on your keyboard.
> To engineers:
> Is sharing an activity a sufficient indication of intent from the user to
> execute a potentially dangerous action, such as sharing Terminal on a
> public collaboration server? To activate a remote VNC client in Gnome,
> users must fill out this settings panel:
> http://www.bani.com.br/wp-content/uploads/2007/11/vino-p-g.png . Unlike
> an Activity, though, once those settings are made, the desktop is
> permanently shared. An Activity can easily be stopped by a single click
> at any time.
> I have been working on a shareable version of the Terminal activity,
> called ShareTerm. The sharing functionality allows two people to type at
> the same command prompt. There is a spectrum of uses for this, from "a
> friend who knows more than I do showing me how to use the command shell"
> to "an expert developer performing remote debugging (while I observe and
> try to understand what is going on)".
> The critical issue with a shared terminal is security. If I share my
> terminal with you, then you gain the full power of that terminal. On an
> XO, running ShareTerm, this is safe enough. Thanks to Rainbow, the
> ShareTerm prompt has very limited access to the system, so participants
> cannot "break the computer". This limited access also prevents a lot of
> legitimately useful and educational actions, such as performing expert
> maintenance or debugging.
> On SoaS Strawberry, and every other portable Sugar implementation of which
> I am aware, Rainbow is not present, and so ShareTerm is just as dangerous,
> and useful, as inviting someone over to type on your keyboard.
> If this functionality were added to the Terminal activity, then the
> behavior on the XO would match the behavior described for SoaS.
> What do you think we should do?
> One possibility that has occurred to me is to permit unsafe sharing only
> with users who have already been designated as Buddies. Instead of "Share
> with My Neighborhood", the toolbar would only offer "Share with My
Thinking back to my own CS classes or hours spent at the library computer at
school more often than not it was friends/buddies who ended up screwing
around the most with one's machine... (Of course when it comes to that I'm
also guilty as charged;-)
On a more serious note: I think that one solution could be to require the
owner of the XO / Sugar installation whose Terminal activity is shared with
another user to acknowledge a command before it's executed (think along the
lines of Windows' "Are you sure you want to do this?" dialogue). Something
like this could be especially useful in situations where the ShareTerm might
not be the currently active activity which results in the user not really
seeing or being able to follow what is being done on his/her machine.
Also, and I'm not sure whether this is doable, it could be cool to have a
Chat widget running in parallel within the ShareTerm window therefore
allowing users to chat and use ShareTerm within the same activity.
e-mail: christoph at olpcnews.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Sugar-devel