On Tue, Nov 24, 2015 at 8:08 AM Carsten Haitzler <[email protected]>
wrote:

> On Tue, 24 Nov 2015 04:27:08 +0000 Mike Blumenkrantz
> <[email protected]> said:
>
> > On Mon, Nov 23, 2015 at 10:57 PM Carsten Haitzler <[email protected]>
> > wrote:
> >
> > > On Wed, 18 Nov 2015 20:47:24 +0000 Mike Blumenkrantz
> > > <[email protected]> said:
> > >
> > > > Looking at the current list of reported bugs, there are no open tickets
> > > > which can be considered as release blockers, nor have there been any such
> > > > issues reported or handled over the past few weeks.
> > > >
> > > > If no one opens a ticket with a release blocking issue, I am expecting to
> > > > execute this release either next week or the week after depending on my
> > > > availability.
> > >
> > > one issue - dbus api's for e_remote.
> > >
> > > i think we should either remove most (except version check and the
> > > filemanager ones) or move them to msgbus module. the filemanager ones
> > > should be rate limited.
> > >
> > > why? wayland - security. right now our dbus api allows someone to poke
> > > into e and do nasty things. in x11 this is "well DUH it's x11. what's
> > > new?" but in the wayland universe this is not good.
> > >
> > > so...
> > >
> > > 1. rate limit fileman dbus api's to mitigate them being a dos attack vector
> > >    (i'm going to ignore for now security issues eg in efm or image loaders
> > >    etc. where loading a carefully crafted file will take advantage of a
> > >    buffer overflow - i'm going to consider the overflow, if it is there, an
> > >    existing hole, so we don't create a new one here)
> > >
> >
> > Trivial enough.
>
> done.


> > > 2. remove or move basically all the dbus control methods (remove or move to
> > >    msgbus module). maybe only leave version in core methods.
> > >
> >
> > Move to msgbus module. This is a useful featureset which is fine in the
> > hands of a responsible user. The module disabled by default.
>
> done.
>
> > > 3. make changes to enlightenment_remote script accordingly.
> > >
> >
> > No changes should be necessary since all the methods and interfaces don't
> > need to be renamed. These changes will, however, break the remote when the
> > module is not loaded.
>
> well if disabled entirely they should be removed. i have disabled restart and
> shutdown - the dbus methods exist, but will not work.
>

In the future, I would take it as a personal favor if you would split
things like this into separate commits.


>
> > > this should ensure e in wayland mode at least has no "pre built in backdoor
> > > controls".
> >
> >
> > > --
> > > ------------- Codito, ergo sum - "I code, therefore I am" --------------
> > > The Rasterman (Carsten Haitzler)    [email protected]
> > >
> > >

Thanks for doing all this, you've saved me a bunch of time!
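
The policy discussed in points 1 and 2 of this thread, sketched as an added example that is not part of the original messages and is not Enlightenment's code: a version method stays always available, file manager methods pass through a token-bucket rate limit, and every other control method is refused unless the msgbus module is loaded. The method names, type names and limits are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical method classes mirroring the three groups in the thread. */
typedef enum { M_CORE, M_FILEMAN, M_CONTROL } method_class;

typedef struct {
    double tokens;    /* calls currently available */
    double capacity;  /* maximum burst size */
    double rate;      /* tokens refilled per second */
    double last;      /* time of the last refill, in seconds */
} bucket;

typedef struct {
    bool msgbus_loaded;  /* control methods exist only with the module */
    bucket fileman;      /* shared limit for file manager methods */
} policy;

/* Constructed names; these are not the real D-Bus method names. */
static method_class classify(const char *method)
{
    if (strcmp(method, "Core.Version") == 0) return M_CORE;
    if (strncmp(method, "FileManager.", 12) == 0) return M_FILEMAN;
    return M_CONTROL;  /* unknown methods get the most restricted class */
}

static bool bucket_take(bucket *b, double now)
{
    if (now > b->last) {  /* refill for elapsed time, capped at capacity */
        b->tokens += (now - b->last) * b->rate;
        if (b->tokens > b->capacity) b->tokens = b->capacity;
        b->last = now;
    }
    if (b->tokens < 1.0) return false;  /* caller is over the limit */
    b->tokens -= 1.0;
    return true;
}

/* Returns true if the call may be dispatched at time `now` (seconds). */
bool allow_call(policy *p, const char *method, double now)
{
    switch (classify(method)) {
    case M_CORE:    return true;
    case M_FILEMAN: return bucket_take(&p->fileman, now);
    default:        return p->msgbus_loaded;
    }
}

int main(void)
{
    policy p = { false, { 2.0, 2.0, 1.0, 0.0 } };  /* burst 2, 1 call/s */
    for (int i = 0; i < 4; i++)
        printf("fileman call %d: %d\n", i, allow_call(&p, "FileManager.OpenDirectory", 0.0));
    printf("restart without msgbus: %d\n", allow_call(&p, "Core.Restart", 0.0));
    return 0;
}
```
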
------------------------------------------------------------------------------
_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
