On Thu, Jun 26, 2008 at 08:53:47AM +0200, Bert Freudenberg wrote:
>
> On 26.06.2008 at 01:22, John Gilmore wrote:
>
> >> The activity start script should configure Opera to put its
> >> configuration file in $SUGAR_ACTIVITY_ROOT/data instead of
> >> $HOME/.opera. Also it should set umask to 0002 so the config file is
> >> group-writable (otherwise the next activity instance cannot
> >> overwrite).
> >>
> >> See http://wiki.laptop.org/go/Low-level_Activity_API#File_Access
>
> >>> QSettings: error creating /home/olpc/isolation/1/uid_to_home_dir/10000/.qt
> >>> opera: Can not use personal directory: /home/olpc/isolation/1/uid_to_home_dir/10000/.opera
>
> > This looks more like a bug in Rainbow than in Opera.
It was considered to be a feature at the time it was introduced.

> > Why would Sugar or Rainbow be setting $HOME to a rainbow-created
> > directory that the activity can't make subdirectories in?

Because the spec it was built to said that activities should be permitted to write to precisely three directories named 'tmp', 'data', and 'instance'. Furthermore, it was entirely unclear at the time which one $HOME should point to.

> > (The universe of Unix programs isn't going to rewrite itself because
> > OLPC decided that $SUGAR_ACTIVITY_ROOT is the right place to keep your
> > files on Unix. $HOME has been that place for decades. Rainbow is
> > already setting $HOME. It's just apparently setting it to something
> > that doesn't work.)
> >
> >> Also it should set umask to 0002 so the config file is
> >> group-writable (otherwise the next activity instance cannot
> >> overwrite).

rainbow >= 0.7.4 (available since Nov. 10, 2007) sets umask(0) before running the activity. However, we found that several important library calls like mkstemp, mkdtemp, and the equivalent file creation code used by xulrunner hardcode the use of modes like 0700 and 0600 for directories and files that they create. It would not surprise me if Opera behaved similarly.

> > If Rainbow runs the same activity as many different UIDs that share a
> > single group ID, then yes, Rainbow should be setting the umask so that
> > files are created group-writeable by default. There should be no need
> > to modify ordinary Unix programs for this.
>
> Agreed, but Peter's question was about build 708 so it might be fixed
> in the meantime.

rainbow >= 0.7.12 causes $HOME to be writable. This change has been available since April 10, 2008 in joyride and is expected to be included in our next major release.

> $SUGAR_ACTIVITY_ROOT/instance now, which should work at least, but I
> think is also wrong as it is not shared between activity instances.
As a result of the fact that xulrunner hardcodes the use of modes like 0700 and 0600 in its file creation code, I decided that we should set $HOME == $SAR/instance by default so that programs would be less likely to encounter files they couldn't write. Activities which dislike this default are fully capable of changing themselves when they are executed. That being said, I'm open to arguments about what the default should be. Have you got some mechanism for setting $HOME to $SAR/data which would be safe in the face of programs like xulrunner?

(For what it's worth, I happen to think that the real defect is that uids and instance dirs are deleted on reboot and recreated on activity resume rather than being persistent and reused at activity resume. Unfortunately, though I intend to address this issue as soon as my other responsibilities permit, it will probably be a while before that happens. Interested onlookers should definitely take initiative here and then submit their results for discussion and possible merging.)

> But that won't help machines in the field now so I gave a recipe that
> would work around that bug.

Thanks!

Michael

_______________________________________________
Security mailing list
[email protected]
http://lists.laptop.org/listinfo/security
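The point Michael makes above, that Rainbow's umask(0) does not help when mkstemp, mkdtemp and similar library code hardcode 0600/0700, is easy to verify. The C program below is an added example, not code from this thread or from Rainbow or Sugar: it creates a temp file and a temp directory under umask(0), reports the mode the libc calls actually produced, and then shows the one step an activity's own start code would need (fchmod on the open descriptor) to make such a file group-writable so a later instance running as a different uid in the same gid can overwrite it. It assumes a POSIX libc and a writable /tmp; the path templates are constructed for the demonstration.

```c
/* Added demonstration (not Rainbow's or Sugar's code): mkstemp()/mkdtemp()
 * ignore the caller's umask, so an umask(0) set by the launcher does not
 * yield group-writable files. Assumes a POSIX libc and a writable /tmp. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Permission bits (0777 mask) of an open descriptor, or -1 on error. */
static int mode_bits_of_fd(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    return (int)(st.st_mode & 0777);
}

/* Create a temp file with umask(0) in force, the way rainbow >= 0.7.4 runs
 * an activity, and return the mode mkstemp actually gave it.
 * mkstemp hardcodes S_IRUSR|S_IWUSR, so the result is 0600 regardless. */
int temp_file_mode_under_umask0(void) {
    char path[] = "/tmp/rainbow-demo-XXXXXX"; /* constructed template */
    mode_t old = umask(0);
    int fd = mkstemp(path);
    umask(old);                               /* restore caller's umask */
    if (fd < 0) return -1;
    int mode = mode_bits_of_fd(fd);
    close(fd);
    unlink(path);
    return mode;
}

/* Same experiment for a directory: mkdtemp hardcodes 0700. */
int temp_dir_mode_under_umask0(void) {
    char path[] = "/tmp/rainbow-demo-dir-XXXXXX"; /* constructed template */
    mode_t old = umask(0);
    char *created = mkdtemp(path);
    umask(old);
    if (created == NULL) return -1;
    struct stat st;
    int mode = (stat(path, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    rmdir(path);
    return mode;
}

/* Hypothetical helper an activity could call after creating its own files:
 * widen the file to the group (0660) so the next instance, a different uid
 * sharing the same gid, can overwrite it. fchmod() on the descriptor avoids
 * racing against a path that could be renamed or replaced in the meantime. */
int group_writable_temp_file_mode(void) {
    char path[] = "/tmp/rainbow-demo-XXXXXX"; /* constructed template */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (fchmod(fd, 0660) != 0) { close(fd); unlink(path); return -1; }
    int mode = mode_bits_of_fd(fd);
    close(fd);
    unlink(path);
    return mode;
}

int main(void) {
    printf("mkstemp under umask(0): %04o\n", temp_file_mode_under_umask0());
    printf("mkdtemp under umask(0): %04o\n", temp_dir_mode_under_umask0());
    printf("after fchmod(fd, 0660): %04o\n", group_writable_temp_file_mode());
    return 0;
}
```

Running it shows 0600, 0700 and 0660 in that order: the launcher's umask is irrelevant to the first two results, which is why an activity that wants its configuration shared across instances under different uids has to adjust modes itself (or write under a directory that is persistent and shared), as Michael notes above.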

