On Mon, Nov 23, 2015 at 10:57 PM Carsten Haitzler <ras...@rasterman.com>
wrote:

> On Wed, 18 Nov 2015 20:47:24 +0000 Mike Blumenkrantz
> <michael.blumenkra...@gmail.com> said:
>
> > Looking at the current list of reported bugs, there are no open tickets
> > which can be considered as release blockers, nor have there been any such
> > issues reported or handled over the past few weeks.
> >
> > If no one opens a ticket with a release blocking issue, I am expecting to
> > execute this release either next week or the week after depending on my
> > availability.
>
> one issue - dbus api's for e_remote.
>
> i think we should either remove most (except version check and the
> filemanager ones) or move them to msgbus module. the filemanager ones
> should be rate limited.
>
> why? wayland - security. right now our dbus api allows someone to poke
> into e and do nasty things. in x11 this is "well DUH it's x11. what's
> new?" but in the wayland universe this is not good.
>
> so...
>
> 1. rate limit fileman dbus api's to mitigate them being a dos attack vector
>    (i'm going to ignore for now security issues eg in efm or image loaders
>    etc. where loading a carefully crafted file will take advantage of a
>    buffer overflow - i'm going to consider the overflow, if it is there, an
>    existing hole, so we don't create a new one here)
>

Trivial enough.


> 2. remove or move basically all the dbus control methods (remove or move to
> msgbus module). maybe only leave version in core methods.
>

Move to msgbus module. This is a useful featureset which is fine in the
hands of a responsible user. The module disabled by default.


> 3. make changes to enlightenment_remote script accordingly.
>

No changes should be necessary since all the methods and interfaces don't
need to be renamed. These changes will, however, break the remote when the
module is not loaded.


>
> this should ensure e in wayland mode at least has no "pre built in backdoor
> controls".


> --
> ------------- Codito, ergo sum - "I code, therefore I am" --------------
> The Rasterman (Carsten Haitzler)    ras...@rasterman.com
>
>
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
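
Point 1 in the thread asks for rate limiting of the fileman D-Bus methods so they cannot be used as a DoS vector. The following is an added example, not code from Enlightenment or from either poster: a token-bucket limiter that such a method handler could consult before doing any work. The names `Rate_Limit`, `rate_limit_init`, `rate_limit_allow`, `flood_allowed` and the burst/rate numbers are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-method limiter state; not an Enlightenment type. */
typedef struct {
    uint64_t milli_tokens; /* calls available, x1000 to avoid floats */
    uint64_t capacity;     /* burst size, in calls */
    uint64_t per_sec;      /* sustained calls allowed per second */
    uint64_t last_ms;      /* monotonic time of the last refill */
} Rate_Limit;

void rate_limit_init(Rate_Limit *rl, uint64_t capacity, uint64_t per_sec, uint64_t now_ms)
{
    /* Start with a full burst available. */
    *rl = (Rate_Limit){ capacity * 1000, capacity, per_sec, now_ms };
}

/* True: handle the call. False: the D-Bus handler should send an error
 * reply instead of doing the work (e.g. opening a file manager window). */
bool rate_limit_allow(Rate_Limit *rl, uint64_t now_ms)
{
    uint64_t cap = rl->capacity * 1000;
    if (now_ms > rl->last_ms) { /* ignore a clock that steps backwards */
        uint64_t elapsed = now_ms - rl->last_ms;
        if (elapsed > cap) elapsed = cap; /* clamp so a long idle gap cannot overflow */
        rl->milli_tokens += elapsed * rl->per_sec;
        if (rl->milli_tokens > cap) rl->milli_tokens = cap;
        rl->last_ms = now_ms;
    }
    if (rl->milli_tokens < 1000) return false;
    rl->milli_tokens -= 1000;
    return true;
}

/* Constructed flood: `calls` requests spaced `gap_ms` apart; returns how many pass. */
unsigned flood_allowed(uint64_t capacity, uint64_t per_sec, unsigned calls, uint64_t gap_ms)
{
    Rate_Limit rl;
    unsigned ok = 0;
    rate_limit_init(&rl, capacity, per_sec, 0);
    for (unsigned i = 0; i < calls; i++)
        ok += rate_limit_allow(&rl, (uint64_t)i * gap_ms);
    return ok;
}

int main(void)
{
    printf("allowed %u of 100\n", flood_allowed(5, 2, 100, 10));
    return 0;
}
```

The timestamp passed in should come from a monotonic clock so that wall-clock adjustments cannot refill the bucket.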
