Mikus Grinbergs wrote:
| I'm not familiar with the details of the Rainbow implementation, but
| I question this claim:
|> Sugar, as it currently stands, is among the least secure operating systems
|> ever, far less secure than any modern Linux or Windows OS.  I can easily
|> write an Activity that, when run by the user, escalates to root privileges
|> and does anything I like with the system.
| My understanding was that something called an 'Activity' would be
| assigned its own userid-groupid.  The standard Linux permissions
| would prevent such an 'Activity' from messing up the system.

The problem is the "loophole'd" activities: Journal and Terminal.  These
two activities run with the full privileges of the user.  The identity of
an activity is simply its D-Bus name.  Therefore, if I write an Activity
and set its D-Bus name to be org.laptop.TerminalActivity, it will run as
user "olpc", not as an isolated user.  It will therefore have root access
via passwordless su.

This loophole was meant as a temporary workaround, to be replaced once
Sugar acquired a secure mechanism for providing specific Activity bundles
with elevated privileges.  I'm merely suggesting that it is time to
implement that mechanism.


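To make the identity problem above concrete, here is an added toy model (not code from this thread, and not Sugar's or Rainbow's implementation). It contrasts a launcher that derives an activity's identity from its self-declared D-Bus name with one that grants the loophole'd privilege only to a bundle recorded in a root-owned registry at a system-owned path. The function names, the per-activity user naming scheme, the "olpc" user, and the /usr/share/activities directory are assumptions; only the D-Bus name org.laptop.TerminalActivity comes from the thread (the Journal's name is not stated there, so it is left out).

```python
"""Toy model of activity identity vs. privilege, added for illustration.

NOT Sugar/Rainbow code: function names, user naming, and paths are assumed.
"""
from dataclasses import dataclass
from typing import Dict

# The only loophole'd D-Bus name given in the thread.
LOOPHOLE_NAMES = {"org.laptop.TerminalActivity"}

# Assumption: loophole'd activities inherit this user's full privileges.
PRIVILEGED_USER = "olpc"

# Assumption: directory where only root can install activity bundles.
SYSTEM_BUNDLE_DIR = "/usr/share/activities"


@dataclass(frozen=True)
class Bundle:
    dbus_name: str  # self-declared in the bundle's own manifest
    path: str       # where the bundle is installed on disk


def isolated_user_for(bundle: Bundle) -> str:
    """Constructed per-activity user name (the 'own userid' the thread mentions)."""
    return "activity-" + bundle.dbus_name.rsplit(".", 1)[-1].lower()


def user_for_name_only(bundle: Bundle) -> str:
    """Flawed policy: identity is whatever D-Bus name the bundle claims.

    Any bundle can declare a loophole'd name, so the check is self-asserted.
    """
    if bundle.dbus_name in LOOPHOLE_NAMES:
        return PRIVILEGED_USER
    return isolated_user_for(bundle)


def user_for_verified_bundle(bundle: Bundle, registry: Dict[str, str]) -> str:
    """Hardened policy: privilege follows a root-controlled registry.

    `registry` maps a privileged D-Bus name to the one installed path that is
    allowed to use it. The bundle must sit at exactly that path, and the path
    must be under the system-owned directory. (Real code would canonicalize
    the path and verify ownership/signature; omitted to keep the model short.)
    """
    expected = registry.get(bundle.dbus_name)
    if (
        expected is not None
        and bundle.path == expected
        and bundle.path.startswith(SYSTEM_BUNDLE_DIR + "/")
    ):
        return PRIVILEGED_USER
    return isolated_user_for(bundle)


def demo() -> Dict[str, str]:
    """Run both policies on constructed bundles and return the outcomes."""
    registry = {"org.laptop.TerminalActivity": SYSTEM_BUNDLE_DIR + "/Terminal.activity"}
    genuine = Bundle("org.laptop.TerminalActivity", SYSTEM_BUNDLE_DIR + "/Terminal.activity")
    # Constructed: a user-installed bundle that merely claims the same name.
    impostor = Bundle("org.laptop.TerminalActivity", "/home/olpc/Activities/Foo.activity")
    ordinary = Bundle("org.example.PaintActivity", "/home/olpc/Activities/Paint.activity")
    return {
        "genuine/name_only": user_for_name_only(genuine),
        "genuine/verified": user_for_verified_bundle(genuine, registry),
        "impostor/name_only": user_for_name_only(impostor),
        "impostor/verified": user_for_verified_bundle(impostor, registry),
        "ordinary/verified": user_for_verified_bundle(ordinary, registry),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the model is that the hardened policy keys privilege on something the bundle author cannot choose (where root installed it and a root-owned registry entry), so a bundle that only copies the name is still confined to its isolated user.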