[OLPC Security] [sugar] Web activity not containerized?
Marcus Leech
mleech at nortel.com
Sat Dec 22 21:15:02 EST 2007
Michael Stone wrote:
>
> I agree that there's no need to protect one instance from itself, but I
> feel quite strongly that it is important to force authors to be explicit
> about the communication that takes place between separate instances.
>
> Others should feel free to disagree in the form of justified patches so
> that we can publicly consider the merits of their proposal.
>
>
The activity that I "fear" the most from the point of view of getting
"compromised" (that is, remote-code-execution)
is Browse. And our band-aid is to de-isolate it. I understand *why*,
but it still seems a little nausea-making to me.
I don't instantly have a suggested cure, of course, so I'm willing to
live with band-aids.
Browsers are big, hairy, and complicated. Which is precisely the kind
of fertile ground in which remote exploits
germinate and grow.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : http://lists.laptop.org/pipermail/security/attachments/20071222/3b95d510/attachment.pgp
More information about the Security
mailing list