[OLPC Security] preliminary [PATCH] and discussion for #5657: activity isolation for all activities in ~/Activities

C. Scott Ananian cscott at laptop.org
Fri Aug 1 18:01:56 EDT 2008


On Fri, Aug 1, 2008 at 5:01 PM, Jameson Chema Quinn
<jquinn at cs.oberlin.edu> wrote:
> Problem: anything named "Journal", "Terminal", "Log", or "Analyze" is not
> isolated. This is the biggest security hole we have right now: it is a
> trivial way for any activity to get root access.

Another possible short-term hack is to simple disable
activitybundle.install() and activitybundle.upgrade() for bundes with
bundle_ids matching those of Journal, Terminal, Log, or Analyze.  This
allows these activities to be installed in /home/olpc/Activites with a
customization key, as usual, but prevents malicious attackers from
using a web link or the activity updater to replace the
originally-installed versions.

This has the benefit of (a) not requiring us to revisit the
"activities in /home" war, and (b) allowing us to upgrade the versions
of these trusted activities in /home in (say) 9.1, using the "proper"
mechanism.
 --scott

-- 
 ( http://cscott.net/ )



More information about the Devel mailing list