On Wed, 18 Nov 2015 20:47:24 +0000 Mike Blumenkrantz <[email protected]> said:
> Looking at the current list of reported bugs, there are no open tickets > which can be considered as release blockers, nor have there been any such > issues reported or handled over the past few weeks. > > If no one opens a ticket with a release blocking issue, I am expecting to > execute this release either next week or the week after depending on my > availability. one issue - dbus api's for e_remote. i think we should either remove most (except version check and the filemanager ones) or move them to msgbus module. the filemanager ones should be rate limited. why? wayland - security. right now our dbus api allows someone to poke into e and do nasty things. in x11 this is "well DUH it's x11. what's new?" but in the wayland universe this is not good. so... 1. rate limit fileman dbus api's to mitigate them being a dos attack vector (i'm going to ignroe for now security issues eg in efm or image loaders etc. where loading a carefully crafted file will take advantage of a buffer overflow - i'm going to consider the overflow, if it is there, an existing hole, so we don't create a new one here) 2. remove or move basically all the dbus control methods (remove or move to msgbus module). mjaybe only leave version in core methods. 3. make changes to enlightenment_remote script accordingly. this should ensure e in wayland mode at least has no "pre built in backdoor controls". -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- The Rasterman (Carsten Haitzler) [email protected] ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140 _______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
