#5657 NORM Update.: Rainbow should check that loophole'd activities come from /usr/share/activities.
Zarro Boogs per Child
bugtracker at laptop.org
Thu Dec 27 15:56:42 EST 2007
#5657: Rainbow should check that loophole'd activities come from
/usr/share/activities.
-----------------------+----------------------------------------------------
Reporter: cscott | Owner: mstone
Type: defect | Status: new
Priority: normal | Milestone: Update.1
Component: security | Version:
Resolution: | Keywords: security, rainbow-integration
Verified: 0 | Blocking:
Blockedby: |
-----------------------+----------------------------------------------------
Changes (by mstone):
* cc: jg, mstone, krstic, cscott, marco (added)
* keywords: security => security, rainbow-integration
Comment:
There's a slight misunderstanding of how the system works here.
Rainbow itself makes absolutely no decisions about what to launch. So long
as Rainbow believes it is *possible* to launch an activity, it will do so
when asked. Instead, the de-isolation step happens in Sugar when Sugar,
having received a request to start an activity, makes a decision about
whether to forward that request to Rainbow for action (isolation) or
whether to directly handle the request without even mentioning it to
Rainbow (de-isolation).
This is a long way of saying that we actually want a patch to Sugar rather
than a patch to Rainbow.
Next, there's the issue of the patch contents. I would be more comfortable
with a patch that changed Sugar's list of hard-coded bundle-names to a
hard-coded list of bundle-paths. This way, we become conservatively more
safe than we were before.
...
Note: We still have a problem about what to do with downloaded activities
that might fail to function under isolation.
--
Ticket URL: <http://dev.laptop.org/ticket/5657#comment:2>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
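
An added illustration of the bundle-name versus bundle-path point in the comment above. It is not code from Sugar or Rainbow: the function names, the bundle name Example.activity and the temporary directory layout are hypothetical and constructed for the example.

```python
import os
import tempfile

def trusted_by_name(bundle_path, trusted_names):
    """Name-only check: any directory carrying a trusted name passes."""
    return os.path.basename(bundle_path.rstrip("/")) in trusted_names

def trusted_by_path(bundle_path, trusted_paths):
    """Path check: the bundle must resolve to exactly one trusted bundle path."""
    real = os.path.realpath(bundle_path)  # collapses symlinks and ".." components
    return any(real == os.path.realpath(p) for p in trusted_paths)

def route(bundle_path, trusted_paths):
    """'direct' means launched without isolation; 'rainbow' means isolated."""
    return "direct" if trusted_by_path(bundle_path, trusted_paths) else "rainbow"

def demo():
    """Build a constructed tree and compare both checks on the same inputs."""
    with tempfile.TemporaryDirectory() as root:
        system = os.path.join(root, "usr", "share", "activities")
        home = os.path.join(root, "home", "olpc", "Activities")
        trusted = os.path.join(system, "Example.activity")
        lookalike = os.path.join(home, "Example.activity")  # same name, user-writable
        os.makedirs(trusted)
        os.makedirs(lookalike)
        # Starts with the system directory as a string, resolves to the lookalike.
        dotdot = os.path.join(trusted, "..", "..", "..", "..",
                              "home", "olpc", "Activities", "Example.activity")
        return {
            "name_accepts_lookalike": trusted_by_name(lookalike, {"Example.activity"}),
            "path_accepts_lookalike": trusted_by_path(lookalike, [trusted]),
            "path_accepts_trusted": trusted_by_path(trusted, [trusted]),
            "path_accepts_dotdot": trusted_by_path(dotdot, [trusted]),
            "route_lookalike": route(lookalike, [trusted]),
            "route_trusted": route(trusted, [trusted]),
        }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
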