Mikus Grinbergs wrote:
| I'm not familiar with the details of the Rainbow implementation, but
| I question this claim:
|
|> Sugar, as it currently stands, is among the least secure operating systems
|> ever, far less secure than any modern Linux or Windows OS. I can easily
|> write an Activity that, when run by the user, escalates to root privileges
|> and does anything I like with the system.
|
| My understanding was that something called an 'Activity' would be
| assigned its own userid-groupid. The standard Linux permissions
| would prevent such an 'Activity' from messing up the system.

The problem is the "loophole'd" activities: Journal and Terminal. These two activities run with the full privileges of the user. The identity of an activity is simply its D-Bus name. Therefore, if I write an Activity and set its D-Bus name to be org.laptop.TerminalActivity, it will run as user "olpc", not as an isolated user. It will therefore have root access via passwordless su.

This loophole was meant as a temporary workaround, to be replaced once Sugar acquired a secure mechanism for providing specific Activity bundles with elevated privileges. I'm merely suggesting that it is time to implement that mechanism.

--Ben

_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
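The check a practitioner would want, given the identity rule described in the message above (an activity's identity is its D-Bus name, and two names are exempt from isolation), is an audit of installed bundles for any that claim a privileged name from outside the system bundle directory, or that collide on a name. The script below is an added example and is not Rainbow's or Sugar's own code. It assumes the activity.info format is an INI file with an `[Activity]` section whose bus name lives under `service_name` (older bundles) or `bundle_id` (newer ones), that the Journal's bus name is org.laptop.JournalActivity (only the Terminal name is quoted from the message), and that system bundles live under /usr/share/sugar/activities; the sample bundles are constructed.

```python
import configparser
import posixpath

# Bus names the message says run as the unconfined "olpc" user.
# The Terminal name is quoted from the message; the Journal name is an assumption.
PRIVILEGED_BUS_NAMES = frozenset({
    "org.laptop.TerminalActivity",
    "org.laptop.JournalActivity",
})

# Assumed location of system-installed bundles. A user-installed bundle
# (e.g. under ~/Activities) is where a spoofed activity.info would land.
TRUSTED_BUNDLE_ROOT = "/usr/share/sugar/activities"


def bus_name_from_info(info_text):
    """Return the D-Bus name an activity.info claims, or None.

    Assumption about the format: older Sugar bundles used 'service_name',
    newer ones 'bundle_id'; both keys are accepted here.
    """
    cp = configparser.ConfigParser()
    cp.read_string(info_text)
    if not cp.has_section("Activity"):
        return None
    for key in ("bundle_id", "service_name"):
        if cp.has_option("Activity", key):
            return cp.get("Activity", key).strip()
    return None


def audit_bundles(bundles):
    """bundles: mapping of bundle directory -> activity.info text.

    Returns a list of (path, bus_name, reason) findings:
      'spoofed-privileged-name': a bundle outside the trusted root claims
          one of the loophole'd names and would run as 'olpc'.
      'duplicate-bus-name': two bundles claim the same identity, so the
          name alone cannot tell them apart.
    """
    findings = []
    first_seen = {}
    for path, info in bundles.items():
        name = bus_name_from_info(info)
        if name is None:
            continue
        inside_trusted = posixpath.normpath(path).startswith(TRUSTED_BUNDLE_ROOT + "/")
        if name in PRIVILEGED_BUS_NAMES and not inside_trusted:
            findings.append((path, name, "spoofed-privileged-name"))
        if name in first_seen:
            findings.append((path, name, "duplicate-bus-name"))
        else:
            first_seen[name] = path
    return findings


# Constructed sample bundles: the real Terminal, a benign third-party
# activity, and a third-party bundle that reuses the Terminal's bus name.
SAMPLE_BUNDLES = {
    "/usr/share/sugar/activities/Terminal.activity":
        "[Activity]\nname = Terminal\nservice_name = org.laptop.TerminalActivity\nexec = terminal.py\n",
    "/home/olpc/Activities/Paint.activity":
        "[Activity]\nname = Paint\nbundle_id = org.example.Paint\nexec = sugar-activity PaintActivity\n",
    "/home/olpc/Activities/NotTerminal.activity":
        "[Activity]\nname = Calculator\nbundle_id = org.laptop.TerminalActivity\nexec = sugar-activity calc\n",
}

if __name__ == "__main__":
    for path, name, reason in audit_bundles(SAMPLE_BUNDLES):
        print(f"{reason}: {path} claims {name}")
```

On the sample set the audit reports the NotTerminal bundle twice, once for claiming a privileged name from outside the trusted root and once for colliding with the real Terminal. The second finding is the more general one: as long as identity is a self-declared bus name, any two bundles can collide, and a check like this only narrows the window until the mechanism the message asks for exists.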