Re: [sugar] Web activity not containerized?

2007-12-22 Thread Michael Stone
On Sat, Dec 22, 2007 at 08:14:16PM -0500, Albert Cahalan wrote: > Running an activity as the same user every time will not offer > a way for that activity to attack any other activity. This should > be the major concern. The part that concerns me is that there are lots of activities derived from

Re: [sugar] Web activity not containerized?

2007-12-22 Thread Albert Cahalan
Michael Stone writes: > On Sat, Dec 22, 2007 at 11:29:40PM +0100, Bert Freudenberg wrote: >> Why not simply run it as the same (non-olpc) user every time? >> >> - Bert - > > I don't personally want to provide such an option > because I consider it prone to abuse. I'm not seeing much of a problem

Re: [sugar] Web activity not containerized?

2007-12-22 Thread Marco Pesenti Gritti
On Dec 22, 2007 10:35 PM, Michael Stone <[EMAIL PROTECTED]> wrote: > Bert, > > Xulrunner hardcodes the use of permissions like 0600 and 0700 all > throughout its code-base. This means that, when Browse stores its > profile information (SSL certs, web cache, ...) in $SAR/data, many > operations fail

Re: [sugar] Web activity not containerized?

2007-12-22 Thread Michael Stone
On Sat, Dec 22, 2007 at 11:29:40PM +0100, Bert Freudenberg wrote: > Why not simply run it as the same (non-olpc) user every time? > > - Bert - I don't personally want to provide such an option because I consider it prone to abuse. Specifically, I don't know who (other than the human operator) s

Re: [sugar] Web activity not containerized?

2007-12-22 Thread Bert Freudenberg
Why not simply run it as the same (non-olpc) user every time? - Bert - On Dec 22, 2007, at 22:35 , Michael Stone wrote: > Bert, > > Xulrunner hardcodes the use of permissions like 0600 and 0700 all > throughout its code-base. This means that, when Browse stores its > profile information (SSL cer

Re: [sugar] Web activity not containerized?

2007-12-22 Thread Michael Stone
Bert, Xulrunner hardcodes the use of permissions like 0600 and 0700 all throughout its code-base. This means that, when Browse stores its profile information (SSL certs, web cache, ...) in $SAR/data, many operations fail during the second launch of Browse. See http://wiki.laptop.org/go/Concurr

[sugar] Web activity not containerized?

2007-12-22 Thread Bert Freudenberg
Hi Marco, just saw your commit to take the Web activity out of its security container. What's the motivation behind that? Wouldn't the browser be particularly advised to run in the safest manner possible? - Bert - ___ Sugar mailing list Sugar@list