On Jul 7, 2008, at 10:29 AM, Martin Dengler wrote: > No response? Your message _appears_ to suppose that the security model was defined for the hell of it, or because someone wanted to engage in an interesting academic experiment, and thus breaking the security model when it's convenient is somehow okay. That's not a discussion I'm particularly interested in, but Michael will probably be more helpful.
> ...seems false. I just tried an IE 7.0 install I have, and it does > in fact > support "launch-by-click" for executables yields: > http://dev.laptop.org/~mdengler/launch-by-click-ie.jpg That's precisely the seam that Michael and I wrote about in his previous message to the thread. The opposition he and I have is towards allowing single-click actions to cross security barriers without the system _ensuring_ that the user is informed of the crossing. In other words, to support Browse launching Pippy when a .py file is clicked, Rainbow would have to confer upon Browse the privilege of launching other activities (which may, and in the case of execution environments such as Pippy and eToys, regularly will) have higher privileges than Browse itself, have such launched activities operate on arbitrary input provided by Browse, and not require user approval anywhere in the process. This is stupid. The way to do it is to throw up a (system-, not Browse- rendered!) warning dialog indicating that a security boundary is about to be crossed, and allowing the user to stop the action -- unless this particular boundary traversal was specifically approved ahead of time. -- Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
