On Tue, 24 Nov 2015 04:27:08 +0000 Mike Blumenkrantz
<michael.blumenkra...@gmail.com> said:

> On Mon, Nov 23, 2015 at 10:57 PM Carsten Haitzler <ras...@rasterman.com>
> wrote:
> 
> > On Wed, 18 Nov 2015 20:47:24 +0000 Mike Blumenkrantz
> > <michael.blumenkra...@gmail.com> said:
> >
> > > Looking at the current list of reported bugs, there are no open tickets
> > > which can be considered as release blockers, nor have there been any such
> > > issues reported or handled over the past few weeks.
> > >
> > > If no one opens a ticket with a release blocking issue, I am expecting to
> > > execute this release either next week or the week after depending on my
> > > availability.
> >
> > one issue - dbus api's for e_remote.
> >
> > i think we should either remove most (except version check and the
> > filemanager ones) or move them to msgbus module. the filemanager ones
> > should be rate limited.
> >
> > why? wayland - security. right now our dbus api allows someone to poke
> > into e and do nasty things. in x11 this is "well DUH it's x11. what's
> > new?" but in the wayland universe this is not good.
> >
> > so...
> >
> > 1. rate limit fileman dbus api's to mitigate them being a dos attack vector
> >    (i'm going to ignore for now security issues eg in efm or image loaders
> >    etc. where loading a carefully crafted file will take advantage of a
> >    buffer overflow - i'm going to consider the overflow, if it is there, an
> >    existing hole, so we don't create a new one here)
> >
> 
> Trivial enough.

done.

> > 2. remove or move basically all the dbus control methods (remove or move to
> > msgbus module). maybe only leave version in core methods.
> >
> 
> Move to msgbus module. This is a useful featureset which is fine in the
> hands of a responsible user. The module disabled by default.

done.

> > 3. make changes to enlightenment_remote script accordingly.
> >
> 
> No changes should be necessary since all the methods and interfaces don't
> need to be renamed. These changes will, however, break the remote when the
> module is not loaded.

well if disabled entirely they should be removed. i have disabled restart and
shutdown - the dbus methods exist, but will not work.

> > this should ensure e in wayland mode at least has no "pre built in backdoor
> > controls".
> 
> 
> > --
> > ------------- Codito, ergo sum - "I code, therefore I am" --------------
> > The Rasterman (Carsten Haitzler)    ras...@rasterman.com
> >
> >
> _______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
> 


-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    ras...@rasterman.com
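
The policy discussed in this thread (version check always available, file manager methods rate limited, control methods only when the msgbus module is loaded), as an added example that is not Enlightenment's code. The method names, the token-bucket limiter and the caller-supplied clock value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical method table; names are constructed, not Enlightenment's. */
enum klass { CORE, FILEMAN, CONTROL };
enum verdict { ALLOW, DENY_MODULE_OFF, DENY_RATE, DENY_UNKNOWN };
static const struct { const char *name; enum klass klass; } methods[] = {
    { "Core.Version", CORE },
    { "FileManager.OpenDirectory", FILEMAN },
    { "FileManager.OpenFile", FILEMAN },
    { "Core.Restart", CONTROL },
    { "Core.Shutdown", CONTROL },
};

struct gate {
    int msgbus_loaded;          /* control methods only exist with the module */
    double tokens, burst, rate; /* token bucket shared by file manager calls */
    double last;                /* time of last refill, in seconds */
};

/* Decide whether a call may run; `now` is a monotonic clock value in seconds. */
enum verdict gate_check(struct gate *g, const char *name, double now)
{
    for (size_t i = 0; i < sizeof(methods) / sizeof(methods[0]); i++) {
        if (strcmp(name, methods[i].name) != 0) continue;
        if (methods[i].klass == CORE) return ALLOW;
        if (methods[i].klass == CONTROL)
            return g->msgbus_loaded ? ALLOW : DENY_MODULE_OFF;
        if (now > g->last) {    /* refill, capped at the burst size */
            g->tokens += (now - g->last) * g->rate;
            if (g->tokens > g->burst) g->tokens = g->burst;
            g->last = now;
        }
        if (g->tokens < 1.0) return DENY_RATE;
        g->tokens -= 1.0;
        return ALLOW;
    }
    return DENY_UNKNOWN;        /* default deny for anything not listed */
}

int main(void)
{
    struct gate g = { .msgbus_loaded = 0, .tokens = 2, .burst = 2, .rate = 1, .last = 0 };
    for (int i = 0; i < 3; i++) /* third call exceeds the burst of 2 */
        printf("open #%d -> %d\n", i, gate_check(&g, "FileManager.OpenFile", 0.0));
    printf("restart -> %d\n", gate_check(&g, "Core.Restart", 0.0));
    return 0;
}
```

The bucket is shared across all file manager methods, so a caller cannot get around the limit by alternating between them.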

