[OLPC Security] find_bundle, etc in util/bundle.py

Marcus Leech mleech at nortel.com
Mon Nov 5 15:42:18 EST 2007


Michael Stone wrote:
> Absolutely. I'm just saying that when Ivan and Marco looked into this
> problem, they concluded, for reasons that have not been explained, that
> the security records were best put into a separate file in the format
> parsed by
>
>   http://dev.laptop.org/git?p=users/krstic/installer;f=permissionset.py;hb=HEAD;
>
>   
Yup, looked at that.  Thanks.
> Can you say more about what makes you nervous, please?
>
>
>   
I haven't fully internalized how DBUS messages get authenticated, and
since (unless I'm badly mistaken) Activities
  have access to DBUS, it seems possible that an entity attached to DBUS
could emit a message that they weren't
  actually authorized to emit.   But, if the answer is "Activities don't
have access to DBUS", then I'm happy, or
  the answer is "Messages coming off of DBUS are strongly authenticated,
and checked for authorization" then
  I'm also happy.
> This is the name of a git repository on dev.laptop.org.
>
> An HTTP url would be:
>
>   http://dev.laptop.org/git/users/krstic/installer
>
> Anonymous git is:
>
>   git://dev.laptop.org/users/krstic/installer
>
> Git+SSH:
>
>   git+ssh://<user>@dev.laptop.org/git/users/krstic/installer
>
> Best,
>
> Michael
>
>   
Yup figured that out, too :-)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : http://lists.laptop.org/pipermail/security/attachments/20071105/df0fb4f9/attachment-0001.pgp 


More information about the Security mailing list