On Tue, Apr 29, 2008 at 02:15:54PM -0400, Paul Fox wrote:
> michael wrote:
> > Personally, I have found extensible autostart mechanisms which process
> > third-party data to be more useful to trojan authors than to users so
> > I'm mildly inclined to consider such mechanisms to be misfeatures
>
> really? i'm not sure where the "third-party" data comes into it. i
> suppose with browse, maybe, but my .xsession has started two xterms on
> my desktop for many years, and i've never considered it a security
> issue. just a time-saver.

Depends. Any software you run can write to your .xsession, yes?
Afterward, will you really notice an extra instance of 'bash', or
'kdmgd', or some other nonsense running in the background, capturing all
your keystrokes, aliasing 'sudo', running 'xauth ++', setting up a
spambot, or querying an IRC server for recent local root exploits?

Actually, an even more compelling demonstration of the problem comes
from the Windows world. Consider the Windows 'Start' directory, the
Windows registry hives which list both autostarted "user programs" and
"services", automatically loaded drivers, corruption of Word's
normal.dot template, and Windows' tendency to automatically run software
that it locates on data CDs.

I have seen every single one of these mechanisms used to cause
substantial mischief. All of them amount to an automatic "run this
software" API. Often, there are ways to have the software run silently,
run in a fashion that users are unable to kill, run steganographically,
etc.

As I said - in my honest opinion, it's a misfeature rather than a
feature.

"Third party" comes into it because parsing untrusted data is such a
dangerous operation, particularly when the parsers are written in a
non-memory-safe language (as most of them are, "for performance"). For
this reason, both the Journal and Telepathy really scare me because they
run automatically and parse data from lots of third party sources.

> > Also, where does hibernation fit in your taxonomy?
>
> i'd think that's pretty different -- coming out of hibernation
> should leave the system exactly as it was when it went in.
> (unless i'm misunderstanding.)

You understood correctly. It has been previously proposed that we should
(more or less) always hibernate. I was curious if you had thought about
the resulting system.

Michael
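
The concern in the message above, that any software running as the user can append to .xsession unnoticed, can be checked for by comparing autostart files against a recorded baseline. This is an added example, not part of the original message: the function names, the temporary path and the sample file contents are constructed, and it assumes the baseline is kept where the user's own software cannot rewrite it.

```python
import difflib, hashlib, os, stat, tempfile

def snapshot(paths):
    """Map each existing autostart file to (sha256 hex, decoded text)."""
    snap = {}
    for p in paths:
        try:
            with open(p, "rb") as f:
                data = f.read()
        except FileNotFoundError:
            continue
        snap[p] = (hashlib.sha256(data).hexdigest(), data.decode("utf-8", "replace"))
    return snap

def audit(baseline, paths):
    """Compare files against a baseline; return (path, kind, detail) findings."""
    findings, current = [], snapshot(paths)
    for p in paths:
        old, new = baseline.get(p), current.get(p)
        if new is None:
            if old is not None:
                findings.append((p, "removed", ""))
            continue
        mode = stat.S_IMODE(os.stat(p).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):  # other accounts can edit it too
            findings.append((p, "writable-by-others", oct(mode)))
        if old is None:
            findings.append((p, "new-file", ""))
        elif old[0] != new[0]:
            diff = difflib.ndiff(old[1].splitlines(), new[1].splitlines())
            findings += [(p, "added-line", d[2:]) for d in diff if d.startswith("+ ")]
    return findings

def demo():
    """Constructed sample: an .xsession that starts two xterms gains one line."""
    with tempfile.TemporaryDirectory() as home:
        xs = os.path.join(home, ".xsession")
        with open(xs, "w") as f:
            f.write("xterm &\nxterm &\n")
        os.chmod(xs, 0o600)
        baseline = snapshot([xs])  # assumption: stored out of reach of user-level software
        with open(xs, "a") as f:
            f.write("kdmgd &\n")   # the extra background process named in the message
        return [(kind, detail) for _, kind, detail in audit(baseline, [xs])]

if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

A baseline stored in the same home directory gives no assurance, since whatever rewrote .xsession could rewrite the baseline as well.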

