2014-12-09 0:59 GMT+01:00 Mattias Andrée <maand...@member.fsf.org>: > On Tue, 9 Dec 2014 00:38:30 +0100 > Matthias Klumpp <matth...@tenstral.net> wrote: > >> This actually has some security implications, e.g. a >> malicious software can taint the other applications and >> use them to hide itself. > > Provided that we are talking about applications:
> * Unless you require root they can always so this. Software installation requires administrative privileges. > * They can always taint ~/.local, and personally I > have ~/.local/bin in my $PATH. > > * If your require root they can set setuid, and > taint everything. If the binaries and libraries live in a non-writeable directory, the only thing bad software running with user privileges can do is placing a .desktop file which overrides the system-provided one (still bad). It can not modify the binary itself though, or libraries it uses. >> once kdbus is merged into the kernel (and >> large chunks of data can be transmitted via it), we get >> something which is able to perform these tasks. > > Would by mind clarifying what you are talking about? I highly recommend watching this video of a talk by Lennart Poettering: http://www.superlectures.com/guadec2013/sandboxed-applications-for-gnome The slides exist on the net as well. Cheers, Matthias -- Debian Developer | Freedesktop-Developer I welcome VSRE emails. See http://vsre.info/ _______________________________________________ xdg mailing list xdg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xdg