[OLPC Security] launching an activity from an activity
Bert Freudenberg
bert at freudenbergs.de
Thu Oct 9 09:07:15 EDT 2008

On 09.10.2008 at 13:48, Mikus Grinbergs wrote:
> The only difficulty I see with this is if Activity-1 is accessing a
> resource that is needed by Activity-2 (Activity-1 may have to "give
> up" that resource). If the resource was "dynamic output" from
> Activity-1, it would have to be placed where both Activities have
> permission to access (e.g., in /tmp), and its location would have to
> be passed by Rainbow to Activity-2 (presumably by a mechanism
> similar to the way information from a Journal entry is passed to an
> Activity launched from that entry).

Well, I don't think the launching of an activity from another is that
controversial (it might still be a DOS if an activity spawns others
continuously). The point is passing data from one to the next without
user interaction. The scenario is something like one activity reads
private data, encodes it in a URL and has Browse open it, which gets
sent to some malicious dude in Kansas. To prevent that we put the link
in the Journal and hope the user will figure out if it is safe to
click that entry or not. Which I do find silly, it's no better than a
"do you really want to ..." dialog.

From a user's POV I want to click on a URL sent by a buddy in Chat
and have the browser go there without further ado. Or, if a user
clicks a PDF link in Browse it should open in Read, no questions
asked. I fail to see why putting stuff in the Journal helps security.
- Bert -