-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think shared Terminal would be very cool. A lot of other people seem to think so too. It would be a fun way to learn command-line stuff, by sharing a prompt with a remote friend.
This is not quite the same thing as standard SSH, which allows someone else to start a new terminal on someone else's computer. In this case, we want outsiders to be able to _join_ a Terminal session on someone else's computer. We can imagine two ways of "sharing" Terminal: read-only and read-write. Read-only means that joiners can only view the proceedings, not participate in them. Read-write means that anyone can type on the same command-line. I am concerned here primarily with the read-write case, as it seems more general and more instructional. The biggest problem with read-write shared Terminal is security. The remote participant gains the full privileges of the local participant. Currently, anyone can type in Terminal has root access to the machine. However, this is not necessary. For example, even with the current Rainbow implementation, we can create a new Activity called "SafeTerminal" that runs as an unprivileged user, with all the implied protections. One way to implement such a SafeTerminal with sharing is to use sshd and screen, as noted in (http://www.linux.com/articles/56443). The activity can start an instance of screen when it launches. When it is shared, it can start an sshd (running as the unprivileged user). Joining instances can log in to the sshd and automatically connect to the shared session of screen. Details: Q: How do we make the shared sshd available only to invited members? A: We might be able to do this using Telepathy's Stream Tubes. We would have to set up an IPv4 stream-tube on each side with access restricted to localhost. The server would do sshd -p [server_port], and the client would do ssh -p [client_port] localhost. Q: How do we run multiple independent shared instances of SafeTerminal without having port collisions? A: This is a problem for any Activity that wants to use a TCP port. There are only so many ports, and there is a possibility of collisions if Activities choose ports independently. Vserver would have solved this problem. An ideal solution would be to use UNIX sockets instead of IPv4 sockets, but I do not know of any way to make ssh use a UNIX socket. The best possible solution may be for Sugar to provide a port assignment service from which Activities request ports. Q: What if the user has disabled Rainbow protections, either entirely or just for this Activity? A: It's possible that SafeTerminal should refuse to share if it detects that it is running with "too much privilege". On the other hand, SafeTerminal running with sudo privileges would be a great way to allow a trusted friend to help me fix my system. Once we are clear on the details, I do not think it will be very difficult to implement a safe shared Terminal. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIKH1xUJT6e6HFtqQRApgRAKCSKq8DTcZnI2svVjkUQk77AiY5zwCggf5N uzK1ravXV9MCKk4q1DfCENI= =k0xV -----END PGP SIGNATURE----- _______________________________________________ Sugar mailing list [email protected] http://lists.laptop.org/listinfo/sugar
