[OLPC Security] preliminary [PATCH] and discussion for #5657: activity isolation for all activities in ~/Activities
C. Scott Ananian
cscott at laptop.org
Fri Aug 1 18:01:56 EDT 2008
On Fri, Aug 1, 2008 at 5:01 PM, Jameson Chema Quinn
<jquinn at cs.oberlin.edu> wrote:
> Problem: anything named "Journal", "Terminal", "Log", or "Analyze" is not
> isolated. This is the biggest security hole we have right now: it is a
> trivial way for any activity to get root access.
Another possible short-term hack is to simple disable
activitybundle.install() and activitybundle.upgrade() for bundes with
bundle_ids matching those of Journal, Terminal, Log, or Analyze. This
allows these activities to be installed in /home/olpc/Activites with a
customization key, as usual, but prevents malicious attackers from
using a web link or the activity updater to replace the
originally-installed versions.
This has the benefit of (a) not requiring us to revisit the
"activities in /home" war, and (b) allowing us to upgrade the versions
of these trusted activities in /home in (say) 9.1, using the "proper"
mechanism.
--scott
--
( http://cscott.net/ )
More information about the Devel
mailing list