#5657 NORM Never A: Rainbow should check that loophole'd activities come from /usr/share/activities.
Zarro Boogs per Child
bugtracker at laptop.org
Sun Dec 23 18:41:22 EST 2007
#5657: Rainbow should check that loophole'd activities come from
/usr/share/activities.
---------------------------------+------------------------------------------
 Reporter:  cscott               |       Owner:  mstone
     Type:  defect               |      Status:  new
 Priority:  normal               |   Milestone:  Never Assigned
Component:  security             |     Version:
 Keywords:  security, update.1?  |    Verified:  0
 Blocking:                       |   Blockedby:
---------------------------------+------------------------------------------
Rainbow only checks the bundle_id to determine whether to disable
containerization for an activity. Rainbow should also check that the
activity comes from /usr/share/activities; otherwise a kid could download
some activity from the interweb which (invisibly) registers itself as
LogViewer, and then can su to root and do all sorts of mischief.
Requiring installation in /usr/share/activities substantially raises the
barrier for this attack.
--
Ticket URL: <http://dev.laptop.org/ticket/5657>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
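
The check requested in the ticket, as an added example that is not part of the ticket and not Rainbow's code: the bundle_id-only decision beside one that also requires the bundle's resolved path to lie inside /usr/share/activities. The function names and the bundle id are hypothetical, and the check assumes that directory is not writable by the user running activities.

```python
import os

# Hypothetical names for illustration; none of these are Rainbow's identifiers.
TRUSTED_ROOT = "/usr/share/activities"
LOOPHOLE_BUNDLE_IDS = {"org.example.LogViewer"}  # constructed placeholder id


def is_under(path, root):
    """True if path, with symlinks and '..' resolved, lies strictly inside root."""
    real_path = os.path.realpath(path)
    real_root = os.path.realpath(root)
    if real_path == real_root:
        return False
    # commonpath compares whole path components, so a sibling such as
    # "/usr/share/activities-evil" is not treated as inside the root.
    return os.path.commonpath([real_path, real_root]) == real_root


def loophole_by_id_only(bundle_id, bundle_path):
    """Behaviour the ticket reports: the bundle_id alone decides."""
    return bundle_id in LOOPHOLE_BUNDLE_IDS


def loophole_with_path_check(bundle_id, bundle_path, trusted_root=TRUSTED_ROOT):
    """Behaviour the ticket requests: id match and trusted install location."""
    return bundle_id in LOOPHOLE_BUNDLE_IDS and is_under(bundle_path, trusted_root)


if __name__ == "__main__":
    # Constructed sample installs: (bundle_id, bundle_path)
    samples = [
        ("org.example.LogViewer", "/usr/share/activities/Log.activity"),
        ("org.example.LogViewer", "/home/olpc/Activities/Fake.activity"),
        ("org.example.LogViewer", "/usr/share/activities-evil/Log.activity"),
        ("org.example.LogViewer",
         "/usr/share/activities/../../../home/olpc/Activities/Fake.activity"),
    ]
    for bundle_id, path in samples:
        print(path,
              "id-only:", loophole_by_id_only(bundle_id, path),
              "with path check:", loophole_with_path_check(bundle_id, path))
```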