On Thu, Sep 23, 2010 at 5:25 PM, Robert Collins <robert.coll...@canonical.com> wrote: > On Fri, Sep 24, 2010 at 8:58 AM, Benji York <benji.y...@canonical.com> wrote: >> On Thu, Sep 23, 2010 at 4:15 PM, Gavin Panella >> <gavin.pane...@canonical.com> wrote: >>> If I'm collaborating on, reviewing, or otherwise running a >>> not-expected-to-be-evil-but-not-known-to-be-safe Launchpad API >>> consumer, I'd like to be able to say "please use a read-only token >>> this time instead of the desktop token" to reduce the possibility of >>> mishap. Will that be possible? >> >> It's possible, but probably not what we really want to do. Here are a >> few scenarios: > > I think you have some hidden assumptions in your scenarios; I > interpret them rather differently. > >> 1) the app is evil: you're screwed so it doesn't matter if you give it >> read-only or not > > Read-only public data is hardly screwed. Read-only private data may > lead to disclosure but not to privilege escalation. 'Screwed' in this > situation is unliked screwed in life: one can be a little bit screwed > here, and a little bit is better than totally.
The Gnome Keyring folk's assertion (http://live.gnome.org/GnomeKeyring/SecurityPhilosophy) is that all processes running as a particular user in a desktop setting share a single security context. If they are right, then if one application on my desktop has r/w access to LP, then any evil app on my desktop can obtain r/w access (a.k.a. "screwed"). >> 2) the app only reads data: you're fine, but you would have been find >> with read/write access anyway > > Apps that only read data can be evil too, I don't quite see the > distinction you're trying to draw. Here and below I was assuming the app is non-evil. A non-evil, non-broken app that only needs to read will work just fine with r/w access. -- Benji York _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : launchpad-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp