#2328 BLOC Trial-3: Bitfrost requires that the 'File New' and 'Share' features be initiated through Sugar itself, not through the activities.
Zarro Boogs per Child
bugtracker at laptop.org
Mon Jul 30 14:24:07 EDT 2007
#2328: Bitfrost requires that the 'File New' and 'Share' features be initiated
through Sugar itself, not through the activities.
----------------------+-----------------------------------------------------
Reporter: mstone | Owner: dcbw
Type: defect | Status: new
Priority: blocker | Milestone: Trial-3
Component: sugar | Version:
Resolution: | Keywords: security, sugar
Verified: 0 |
----------------------+-----------------------------------------------------
Comment (by mstone):
Controlling remote interactions:
We're figuring out how to handle this with DBus security policies and with
control over the network interfaces exposed to the activities (see P_NET,
in Bitfrost).
Sharing:
We trust Sugar but not the activities. Therefore, the only way we can know
that *the human user* and not malicious code wants the activity to be
shared is to require that the user indicate his or her intent to Rainbow
*through Sugar*. We feel less strongly about the specific visual way this
interaction is represented; however, the interaction *must* take place
through Sugar itself and not through the activity.
Open/Keep:
Recording new files (or new versions of old files) presents a different
threat than that posed by reading the user's files: resource exhaustion
vs. loss of privacy. We can statically handle the resource exhaustion
attack with appropriate accounting and rate-limiting in the Datastore. The
privacy-damaging threats are the ones we're trying to control with
mandatory user/Sugar interaction.
--
Ticket URL: <http://dev.laptop.org/ticket/2328#comment:2>
One Laptop Per Child <http://laptop.org/>
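
The sharing rule in the comment above, sketched as an added example that is not part of the ticket or of OLPC's code: a broker enables sharing only after the trusted shell has recorded a fresh user gesture for that activity. ShareBroker, SHELL_UID, GRANT_TTL and the per-activity uid mapping are hypothetical names and assumptions made for this illustration.

```python
import time

SHELL_UID = 1000   # assumption: identity under which the trusted shell runs
GRANT_TTL = 5.0    # assumption: seconds a recorded user gesture stays valid


class ShareBroker:
    """Hypothetical stand-in for the component that turns sharing on."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._activity_of = {}   # caller uid -> activity id, fixed at launch
        self._grants = {}        # activity id -> expiry of the user's gesture
        self.shared = set()      # activity ids with sharing enabled

    def register_activity(self, uid, activity_id):
        # Called at launch; each activity instance gets its own uid.
        self._activity_of[uid] = activity_id

    def record_user_intent(self, caller_uid, activity_id):
        # Only the trusted shell may assert that the human asked to share.
        if caller_uid != SHELL_UID:
            return False
        self._grants[activity_id] = self._clock() + GRANT_TTL
        return True

    def enable_sharing(self, caller_uid):
        # The activity is identified by the channel (its uid), never by an
        # id it supplies, so it cannot spend a grant meant for another one.
        activity_id = self._activity_of.get(caller_uid)
        if activity_id is None:
            return False
        expiry = self._grants.pop(activity_id, None)   # grants are one-time
        if expiry is None or self._clock() > expiry:
            return False
        self.shared.add(activity_id)
        return True


if __name__ == "__main__":
    broker = ShareBroker()
    broker.register_activity(10001, "paint-1")        # constructed sample ids
    print(broker.enable_sharing(10001))               # no gesture recorded
    print(broker.record_user_intent(10001, "paint-1"))  # activity forging intent
    print(broker.record_user_intent(SHELL_UID, "paint-1"))
    print(broker.enable_sharing(10001))
```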