On Fri, Aug 1, 2008 at 5:01 PM, Jameson Chema Quinn <[EMAIL PROTECTED]> wrote:
> Problem: anything named "Journal", "Terminal", "Log", or "Analyze" is not
> isolated. This is the biggest security hole we have right now: it is a
> trivial way for any activity to get root access.
Another possible short-term hack is to simply disable activitybundle.install() and activitybundle.upgrade() for bundles with bundle_ids matching those of Journal, Terminal, Log, or Analyze. This allows these activities to be installed in /home/olpc/Activities with a customization key, as usual, but prevents malicious attackers from using a web link or the activity updater to replace the originally-installed versions. This has the benefit of (a) not requiring us to revisit the "activities in /home" war, and (b) allowing us to upgrade the versions of these trusted activities in /home in (say) 9.1, using the "proper" mechanism.

--scott

--
( http://cscott.net/ )
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
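The guard Scott sketches, written out as an added example (this is not Sugar's activitybundle code and not from the thread). It assumes the bundle_id is read from the bundle's activity.info file (an INI file with an [Activity] section, which is the real Sugar format), and it assumes a set of protected bundle_ids; the four IDs below and the two activity.info texts are constructed for illustration, so check the real activity.info files before using such a list. The same wrapper is applied to both the install and the upgrade entry points, since the web-link and updater paths the mail worries about go through both.

```python
"""Refuse install()/upgrade() for a fixed set of trusted bundle_ids.

Added example, not Sugar's own code.  PROTECTED_BUNDLE_IDS and the sample
activity.info contents are constructed for this illustration.
"""
import configparser

# Assumed bundle_ids of the non-isolated activities named in the thread.
# These are illustrative; take the real values from each activity.info.
PROTECTED_BUNDLE_IDS = frozenset({
    "org.laptop.JournalActivity",
    "org.laptop.Terminal",
    "org.laptop.Log",
    "org.laptop.Analyze",
})


def parse_bundle_id(activity_info_text):
    """Return the bundle_id from an activity.info ([Activity] section)."""
    cp = configparser.ConfigParser()
    cp.read_string(activity_info_text)
    if not cp.has_option("Activity", "bundle_id"):
        raise ValueError("activity.info has no bundle_id")
    return cp.get("Activity", "bundle_id").strip()


def guarded(action):
    """Wrap an install/upgrade action so protected bundle_ids are refused.

    The wrapper takes the bundle's activity.info text, extracts the
    bundle_id, and returns ("refused", bundle_id) without calling the
    action when the id is protected; otherwise ("ok", action result).
    """
    def wrapper(activity_info_text, *args):
        bundle_id = parse_bundle_id(activity_info_text)
        if bundle_id in PROTECTED_BUNDLE_IDS:
            return ("refused", bundle_id)
        return ("ok", action(bundle_id, *args))
    return wrapper


@guarded
def install(bundle_id, dest="/home/olpc/Activities"):
    """Hypothetical install: returns the path the bundle would land in."""
    return "%s/%s" % (dest, bundle_id)


@guarded
def upgrade(bundle_id, old_version, new_version):
    """Hypothetical upgrade: returns what would be replaced with what."""
    return (bundle_id, old_version, new_version)


# Constructed activity.info contents for a protected and an ordinary bundle.
SAMPLE_TERMINAL_INFO = """[Activity]
name = Terminal
bundle_id = org.laptop.Terminal
activity_version = 1
"""

SAMPLE_OTHER_INFO = """[Activity]
name = Paint
bundle_id = org.example.PaintActivity
activity_version = 3
"""

if __name__ == "__main__":
    print(install(SAMPLE_TERMINAL_INFO))       # refused
    print(upgrade(SAMPLE_TERMINAL_INFO, 1, 2)) # refused
    print(install(SAMPLE_OTHER_INFO))          # ok
```

Because the check keys only on bundle_id, it blocks replacement of the already-installed trusted bundles through install() and upgrade(); the later "proper" upgrade in a release like 9.1 would go through whatever mechanism is given a way past this guard, which this example deliberately does not provide.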