On Tue, 24 Nov 2015 16:45:32 +0000 Mike Blumenkrantz <[email protected]> said:
> On Tue, Nov 24, 2015 at 8:08 AM Carsten Haitzler <[email protected]> > wrote: > > > On Tue, 24 Nov 2015 04:27:08 +0000 Mike Blumenkrantz > > <[email protected]> said: > > > > > On Mon, Nov 23, 2015 at 10:57 PM Carsten Haitzler <[email protected]> > > > wrote: > > > > > > > On Wed, 18 Nov 2015 20:47:24 +0000 Mike Blumenkrantz > > > > <[email protected]> said: > > > > > > > > > Looking at the current list of reported bugs, there are no open > > tickets > > > > > which can be considered as release blockers, nor have there been any > > such > > > > > issues reported or handled over the past few weeks. > > > > > > > > > > If no one opens a ticket with a release blocking issue, I am > > expecting to > > > > > execute this release either next week or the week after depending on > > my > > > > > availability. > > > > > > > > one issue - dbus api's for e_remote. > > > > > > > > i think we should either remove most (except version check and the > > > > filemanager > > > > ones) or move them to msgbus module. the filemanager ones should be > > rate > > > > limited. > > > > > > > > why? wayland - security. right now our dbus api allows someone to poke > > > > into e > > > > and do nasty things. in x11 this is "well DUH it's x11. what's new?" > > but > > > > in the > > > > wayland universe this is not good. > > > > > > > > so... > > > > > > > > 1. rate limit fileman dbus api's to mitigate them being a dos attack > > vector > > > > (i'm going to ignroe for now security issues eg in efm or image > > loaders > > > > etc. > > > > where loading a carefully crafted file will take advantage of a buffer > > > > overflow > > > > - i'm going to consider the overflow, if it is there, an existing > > hole, so > > > > we > > > > don't create a new one here) > > > > > > > > > > Trivial enough. > > > > done. > > > > > > 2. remove or move basically all the dbus control methods (remove or > > move to > > > > msgbus module). mjaybe only leave version in core methods. > > > > > > > > > > Move to msgbus module. This is a useful featureset which is fine in the > > > hands of a responsible user. The module disabled by default. > > > > done. > > > > > > 3. make changes to enlightenment_remote script accordingly. > > > > > > > > > > No changes should be necessary since all the methods and interfaces don't > > > need to be renamed. These changes will, however, break the remote when > > the > > > module is not loaded. > > > > well if disabled entirely they should be removed. i have disabled restart > > and > > shutdown - the dbsu methods exist, but will not work. > > > > In the future, I would take it as a personal favor if you would split > things like this into separate commits. i considered this the "same change" which is securing remote ipc for wayland - i did split rate limiting as it was more reducing possible pain. > > > > this should ensure e in wayland mode at least has no "pre built in > > backdoor > > > > controls". > > > > > > > > > > -- > > > > ------------- Codito, ergo sum - "I code, therefore I am" > > -------------- > > > > The Rasterman (Carsten Haitzler) [email protected] > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Go from Idea to Many App Stores Faster with Intel(R) XDK > > > Give your users amazing mobile app experiences with Intel(R) XDK. > > > Use one codebase in this all-in-one HTML5 development environment. > > > Design, debug & build mobile apps & 2D/3D high-impact games for multiple > > OSs. > > > http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140 > > > _______________________________________________ > > > enlightenment-devel mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > > > > > > > > > -- > > ------------- Codito, ergo sum - "I code, therefore I am" -------------- > > The Rasterman (Carsten Haitzler) [email protected] > > > > > > Thanks for doing all this, you've saved me a bunch of time! -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- The Rasterman (Carsten Haitzler) [email protected] ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140 _______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
