[OLPC Security] [sugar] Web activity not containerized?

Michael Stone michael at laptop.org
Sat Dec 22 21:33:43 EST 2007


On Sat, Dec 22, 2007 at 09:15:02PM -0500, Marcus Leech wrote:
> The activity that I "fear" the most from the point of view of getting
> "compromised" (that is, remote-code-execution)
>   is Browse.  And our band-aid is to de-isolate it.  I understand *why*,
> but it still seems a little nausea-making to me.

Help me get out from under #5033 in a reasonably solid fashion and I'll
be happy to devote more energy toward finding a solution for #5489 that
makes us happy. 

My approach thus far is available at 

  http://dev.laptop.org/git/users/mstone/nss-rainbow

Progress has been slow to date because the API is not very well
documented, I'm paranoid about memory errors, and I'm even more paranoid
about concurrency.

(Note: I also considered libnss-sqlite but decided that since
  a) it looked rather unmaintained to me, and
  b) I'm not a proficient SQL writer, 
it would be unlikely to lead to any productivity gain if I'm doing the
implementation.)

Michael



More information about the Security mailing list