On Thu, Mar 15, 2012 at 6:59 PM, SUN Haitao <[email protected]> wrote:
> A security model only considering packages seems not enough:
>
> As far as I can tell, there are 4 (or more) types of possible runnables on
> B2G:
> 0) Kernel, drivers (including virtual device drivers), CLI tools
> (including services), browser engine and (maybe) plug-ins.
> 1) Packed programs written in HTML/CSS/JS.
> 2) Installed non-local Web apps (including sites).
> 3) Non-installed Web apps (including sites).

sun, hi, this is very useful categorisation. i've added what you wrote
as a section here:
https://wiki.mozilla.org/Apps/Security#Types_of_Runnables

i'm going to add a type 4 as well, if that's ok, which is the
conceptual equivalent of "/usr/local"
https://wiki.mozilla.org/Apps/Security#Other_.28topics_that_don.27t_fall_into_above_proposals.29
it's

> (It seems all type 1 runnables can be implemented as type 2 or 0. Maybe
> we needn't treat them as a separate type)
>
> For type 0 & 1, a deployment mechanism like apt/yum works fine

i believe so, yes.

> (and seems required for type 0).

yes absolutely. it would be insane to go writing an entire new
packaging deployment system when there are perfectly good ones out
there.

oh, for completeness it's probably worthwhile mentioning openembedded:
they've "adopted" the .deb system, renamed .deb to "ipk" and slightly
simplified it (removed all of the dependency-tracking and much of the
safety mechanisms, whoops, but it is smaller code. much smaller)

> But for type 2 & 3, such mechanism may not
> cover. I'm afraid that many apps will be implemented as type 2 or 3
> for smooth of (re)deployment (and this is a huge advantage for web
> apps to native ones). So we still need to think what to do when there is
> no package at all.

yes i definitely agree. it would be good to have some input as to
what's actually envisaged (and possible / practical), here.

i have to say that the idea of dynamic loading of gaia apps makes me
rather twitchy. especially as you can achieve the same result by going
through the "install" process, and get better security all round.
both require a network connection, so why would you bypass the
security process? :)

... or were you referring to something else?

l.
