On Mar 22, 2007, at 0:26 , John (J5) Palmieri wrote:

> On Thu, 2007-03-22 at 00:14 +0100, Bert Freudenberg wrote:
>> On Mar 20, 2007, at 19:08 , John (J5) Palmieri wrote:
>>
>> Well, SJ asked for simple etoy project launching by clicking on a
>> link in a web page. And when that project is run, it can execute
>> arbitrary Squeak code, so without specific counter-measures it could
>> freely access d-bus. It's pretty much as if you'd download and
>> execute arbitrary Python code.
>>
>> Before loading a foreign project we enable the squeak sandbox, which
>> for example limits file access to one specific scratch directory. A
>> project is considered foreign if it was not signed with the user's
>> private key (this is the key that is generated when running etoys for
>> the first time). So if you're saying restricting d-bus access would
>> still be valuable, we could arrange that only a specific set of d-bus
>> messages could be sent or received once the sandbox is enabled.
>
> If we used SELinux this would be easy.  We would simply confine any
> remote app and define system-wide rules to what dbus interfaces and
> names they could access. This should not be done by the squeak sandbox.
> If we have vserver and the vserver guys get me the patch to D-Bus this
> should be possible also.

Cool - one thing less to worry about for us then :)

- Bert -


_______________________________________________
Sugar mailing list
[email protected]
http://mailman.laptop.org/mailman/listinfo/sugar
