#8169 NORM 9.1.0: Activities installed via browse or sugar-update-control can have bogus permissions.
Zarro Boogs per Child
bugtracker at laptop.org
Tue Aug 26 18:41:31 EDT 2008
#8169: Activities installed via browse or sugar-update-control can have bogus
permissions.
----------------------+-----------------------------------------------------
Reporter: cscott | Owner: marco
Type: defect | Status: new
Priority: normal | Milestone: 9.1.0
Component: sugar | Version: Development build as of this date
Keywords: security | Next_action: never set
Verified: 0 | Blockedby:
Blocking: |
----------------------+-----------------------------------------------------
olpc-configure does its best to sanitize the permissions given to files in
unpacked activity bundles -- mostly to prevent problems caused by authors
inadvertently giving files too few permissions, but it also closes holes
left by activity authors who make things overly permissive (see #8166).
The activitybundle.install() path should probably perform the same sanity
checks/normalization on bundle permissions when it installs them. If this
bug is deferred until 9.1, then fuse-mounting zip bundles should ignore
any permissions specified by the zip bundle and instead use reasonable
overrides for files and directories.
--
Ticket URL: <http://dev.laptop.org/ticket/8169>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
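
The normalization the ticket asks for, as an added example (not code from olpc-configure or activitybundle): unpack a zip bundle, then force every file and directory to a fixed mode instead of trusting the modes stored in the archive. The specific modes, the helper names, and the sample bundle are assumptions constructed for illustration.

```python
import io, os, stat, tempfile, zipfile

# Assumed "reasonable overrides"; the ticket does not name specific modes.
DIR_MODE, FILE_MODE, EXEC_MODE = 0o755, 0o644, 0o755

def build_sample_bundle():
    """Constructed sample: a bundle whose entries carry bad modes."""
    entries = {
        "Demo.activity/activity/activity.info": 0o666,  # world-writable
        "Demo.activity/bin/demo-activity": 0o4777,      # setuid + world-writable
        "Demo.activity/demo.py": 0o000,                 # too few permissions
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode in entries.items():
            info = zipfile.ZipInfo(name)
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, b"constructed sample content\n")
    return buf.getvalue()

def install_bundle(zip_bytes, dest):
    """Unpack under dest, then force every mode; return {relpath: mode on disk}."""
    executables = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            path = zf.extract(info, dest)  # extract() confines members to dest
            # The owner-execute bit is the only thing read from the bundle's mode.
            if not info.is_dir() and (info.external_attr >> 16) & stat.S_IXUSR:
                executables.add(os.path.realpath(path))
    result = {}
    for dirpath, dirnames, filenames in os.walk(dest):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.isdir(path):
                mode = DIR_MODE
            elif os.path.realpath(path) in executables:
                mode = EXEC_MODE
            else:
                mode = FILE_MODE
            os.chmod(path, mode)
            result[os.path.relpath(path, dest)] = stat.S_IMODE(os.stat(path).st_mode)
    return result

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        for path, mode in sorted(install_bundle(build_sample_bundle(), dest).items()):
            print(oct(mode), path)
```

Because the final mode is chosen from a fixed set, setuid, setgid, and group/world-write bits in the bundle never reach the disk, and entries shipped with too few permissions become readable.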