Qui, 2005-10-27 às 14:29 +0100, Alan Cox escreveu: > On Iau, 2005-10-27 at 13:32 +0100, Gustavo J. A. M. Carneiro wrote: > > The result: a single process (per user, per display), and a single > > main loop, for all applets. Of course this means if one applet > > deadlocks or dies, they all die. But at least dying in python is not so > > easy. You usually get only an exception that is ignored. Deadlock is > > > Which means all the applets run in the same security context which like > all the assumptions about "root" in other threads is a bad idea. To > apply good security policies you need isolation not amorphous blobs.
Did you notice I mentioned this is a _per user_ process? I really don't see what difference it makes having one or 10 processes from a security point of view. Once the attacker gets in, it can do the same damage in both cases. In any case, for applets exposed to network protocols, Python is one order of magnitude better than C from a security point of view. It's still hackable, but not nearly as easy. From a _stability_ point of view, now there is a problem. No way around that. One applet could block all the other applets, unless threads are used. And threads should not be used. It is a tradeoff we'd have to accept. :| Regards. -- Gustavo J. A. M. Carneiro <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> The universe is always one step beyond logic. _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
