[Sugar-devel] [ASLO] Release Read ETexts-19

Tomeu Vizoso tomeu at tomeuvizoso.net
Fri Mar 19 05:28:10 EDT 2010


On Wed, Mar 17, 2010 at 23:08, James Simmons <nicestep at gmail.com> wrote:
> Sascha,
>
> I was looking at the code for Leer Pen Drive and thinking how I could
> improve on it, and in the process I ended up looking at
> git.sugarlabs.org at the code for Journal.  Apparently that is not the
> most recent code, but I was a bit surprised that Journal inherits from
> Activity.  That wouldn't be too surprising except that the Journal
> Activity can write to a USB or thumb drive.  I couldn't figure out how
> or even where it was doing it, but it does seem that you could write
> an Activity that does everything the Journal does, from writing to
> mounted media to unmounting it.
>
> How is that possible?  My guess: like everything else I don't fully
> understand about Sugar, it has something to do with DBus.
>
> If anyone could point me to something that might help my understanding
> I'd appreciate it.

Hi James,

the journal shares with activities some code, but is activated
differently. It runs inside the shell process instead of being run as
a separate process inside a rainbow sandbox, and this is why it can do
things that other activities cannot.

Regards,

Tomeu

> James Simmons
>
>
> On Wed, Mar 17, 2010 at 6:13 AM, Sascha Silbe
> <sascha-ml-ui-sugar-devel at silbe.org> wrote:
>> On Tue, Mar 16, 2010 at 07:55:59PM -0500, James Simmons wrote:
>>
>>> It would be nice if one of the things Activities were allowed to write
>>> to was external drives mounted on /media.
>>
>> The only thing that might prevent that is Rainbow, which isn't installed by
>> default on any system running > 0.82 that I know of (and in 0.82-using OLPC
>> builds it's supposed to allow access to /media [1]). So while you cannot
>> depend on it, it will work fine in most cases in the near future.
>>
>>> That would enable anyone to put together a Journal-like Activity and yet
>>> would probably not do too much harm securitywise.
>>
>> I have to disagree, access to /media/* is equally sensitive as access to the
>> data store. It's even so similar that we might use the same set of
>> permissions for both.
>>
>> FTR: Rainbow currently doesn't do anything special for /media. Sugar (or
>> probably the Gnome parts it's based on) mounts FAT filesystems in /media
>> with dmask=0077, thereby denying access to anyone but the primary user. In
>> combination this means access to /media/* is denied to activities running on
>> recent Sugar and Rainbow.
> _______________________________________________
> Sugar-devel mailing list
> Sugar-devel at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/sugar-devel
>


More information about the Sugar-devel mailing list