michael wrote: > On Tue, Apr 29, 2008 at 02:54:15PM -0400, Paul Fox wrote: > > michael wrote: > > > Depends. Any software you run can write to your .xsession, yes? > > > Afterward, will you really notice an extra instance of 'bash', or > > > 'kdmgd', or some other nonsense running in the background, capturing all > > > your keystrokes, aliasing 'sudo', running 'xauth ++', setting up a > > > spambot, or querying an IRC server for recent local root exploits? > > > > eek! time to retire. ;-) > > > > your point is well taken, but since any program i run manually > > can also write to lots and lots of things that i run, or use as > > config, > > On an XO running a recent build (including 703), almost all activities > are prevented from writing to interesting places like .xsession. We just > invent new uids and gids (user ids and group ids) for them on demand. > Also, there's plenty left to do to help control the current exceptions.
this paragraph is an argument that autostart is "okay" on the XO -- not as dangerous as it is on my traditional workstation. > > > i'm not sure why autostart makes a huge difference. > i think i should have added "... from a security perspective." > Avoiding autostart means that reboot is much more powerful - rebooting > will actually have some chance of restoring your system to a workable > state. It also gives you a small mischief diagnosis tool - you can do > controlled experiments to determine whether your system does annoying > things when you run specific activities. (We're thinking of trying to > add some power usage monitoring and some network isolation that will > further support this use.) Combined with a button or option on each > activity that lets one wipe away cached state, this system will > plausibly have achieved a new plateau of mischief resilience. i never considered that there wouldn't be a "safe mode" override for autostart. (just as you wouldn't implement hibernate without the ability to still do a true cold boot.) paul =--------------------- paul fox, [EMAIL PROTECTED] (arlington, ma, where it's 46.2 degrees) _______________________________________________ Sugar mailing list [email protected] http://lists.laptop.org/listinfo/sugar
