#5657 NORM 8.2.0 (: Rainbow should check that loophole'd activities come from /usr/share/activities.
Zarro Boogs per Child
bugtracker at laptop.org
Thu Aug 7 12:10:57 EDT 2008
#5657: Rainbow should check that loophole'd activities come from
/usr/share/activities.
-------------------------+--------------------------------------------------
Reporter: cscott | Owner: homunq
Type: defect | Status: new
Priority: normal | Milestone: 8.2.0 (was Update.2)
Component: security | Version:
Resolution: | Keywords: security, rainbow-integration, r?, 8.2?
Next_action: never set | Verified: 0
Blockedby: | Blocking:
-------------------------+--------------------------------------------------
Changes (by homunq):
* keywords: security, rainbow-integration => security, rainbow-
integration, r?, 8.2?
Comment:
|TestCase|
(note: two independent patches, to cover two parts of this bug. The "don't
install applications in Rainbow's loophole" is to sugar-toolkit, and the
"don't add bundles to registry..." is to sugar.
To test sugar-toolkit: Use Browse to download a new (or old) version of
Terminal, Log, or Analyze. Run from journal. Confirm that they did not
install.
To test sugar: you need to hack an activity to call
sugar.activity.registry.add_bundle using a path not in ~/Activities, and
make sure it fails to add. I will post a hacked activity that does that
later today.
--
Ticket URL: <http://dev.laptop.org/ticket/5657#comment:9>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list