[sugar] perceived sugar performance

Michael Stone michael
Tue Apr 29 14:34:44 EDT 2008


On Tue, Apr 29, 2008 at 02:15:54PM -0400, Paul Fox wrote:
> michael wrote:
>  > Personally, I have found extensible autostart mechanisms which process
>  > third-party data to be more useful to trojan authors than to users so
>  > I'm mildly inclined to consider such mechanisms to be misfeatures
> 
> really?  i'm not sure where the "third-party" data comes into it.  i
> suppose with browse, maybe, but my .xsession has started two xterms on
> my desktop for many years, and i've never considered it a security
> issue.  just a time-saver.

Depends. Any software you run can write to your .xsession, yes?
Afterward, will you really notice an extra instance of 'bash', or
'kdmgd', or some other nonsense running in the background, capturing all
your keystrokes, aliasing 'sudo', running 'xauth ++', setting up a
spambot, or querying an IRC server for recent local root exploits?

Actually, an even more compelling demonstration of the problem comes
from the Windows world. Consider the Windows 'Start' directory, the
Windows registry hives which list both autostarted "user programs" and
"services", automatically loaded drivers, corruption of Word's
normal.dot template, and Windows' tendency to automatically run software
that it locates on data CDs. I have seen every single one of these
mechanisms used to cause substantial mischief. All of them amount to an
automatic "run this software" API. Often, there are ways to have the
software run silently, run in a fashion that users are unable to kill,
run steganographically, etc. As I said - in my honest opinion, it's a
misfeature rather than a feature.

"Third party" comes into it because parsing untrusted data is such a
dangerous operation, particularly when the parsers are written in a
non-memory-safe language (as most of them are, "for performance"). For
this reason, both the Journal and Telepathy really scare me because they
run automatically and parse data from lots of third party sources.

>  > Also, where does hibernation fit in your taxonomy?
> 
> i'd think that's pretty different -- coming out of hibernation
> should leave the system exactly as it was when it went in. 
> (unless i'm misunderstanding.)

You understood correctly. It has been previously proposed that we should
(more or less) always hibernate. I was curious if you had thought about
the resulting system.

Michael
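
An added example, not part of the original message: one way to notice the kind of silent change to an autostart file that the reply describes, by comparing the file against a recorded baseline and listing the commands that are new. The watched file list beyond .xsession, the function names and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# ~/.xsession is the file named in the message; the other two are assumptions.
WATCHED = [".xsession", ".xinitrc", ".bashrc"]

def snapshot(home, names=WATCHED):
    """Record the digest and the command lines of each watched file."""
    state = {}
    for name in names:
        try:
            with open(os.path.join(home, name), "rb") as fh:
                data = fh.read()
        except FileNotFoundError:
            continue  # absent files are left out of the snapshot
        lines = [l.strip() for l in data.decode("utf-8", "replace").splitlines()]
        state[name] = {
            "sha256": hashlib.sha256(data).hexdigest(),
            "commands": [l for l in lines if l and not l.startswith("#")],
        }
    return state

def compare(baseline, current):
    """Report files created, removed or modified, with the commands that are new."""
    findings = {}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if new is None:
            findings[name] = {"status": "removed", "new_commands": []}
        elif old is None:
            findings[name] = {"status": "created", "new_commands": new["commands"]}
        elif old["sha256"] != new["sha256"]:
            added = [c for c in new["commands"] if c not in old["commands"]]
            findings[name] = {"status": "modified", "new_commands": added}
    return findings

def demo():
    """Constructed scenario: a two-xterm .xsession gains one extra entry."""
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, ".xsession")
        with open(path, "w") as fh:
            fh.write("xterm &\nxterm &\n")
        baseline = snapshot(home)
        with open(path, "w") as fh:
            fh.write("xterm &\nxterm &\n./placeholder-entry &\n")
        return compare(baseline, snapshot(home))

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored somewhere the software being watched cannot also rewrite.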


