[sugar] Initial Security Patches

Michael Stone michael at laptop.org
Tue Jul 31 13:02:53 EDT 2007


On Tue, Jul 31, 2007 at 11:24:55AM +0200, Marco Pesenti Gritti wrote:
> There are a couple of general issues related to the
> one-process-per-activity-instance approach.
> 
> 1 Memory. Every activity process (even a trivial one) uses about 8 MB
> (Resident - Shared) currently.

We are intensely aware of this and are searching for solutions, both
temporary and long term. The temporary solution that we are going
forward with at the moment is to special-case python activities by
having Rainbow maintain a prototype python-activity process which it can
manipulate appropriately.

In the longer term, we seek better kernel tools for managing security
contexts and possibility of sharing between the processes inside them.

> 2 Activities lose the ability to provide services, which might be
> useful for direct interaction between activities. Ex. Write activity
> getting an image from the Camera activity.

Noah has thought more about this issue than I have, since he has been
working to improve our the state of our messaging security. In the mean
time, however, while I begin to ponder it, is there any list of
inter-activity relationships that already exist at the present time? Or
any discussion of proposed relationships?

> I'm not sure if they are blockers, but probably worth thinking about.

No argument that they're worth thinking about from me.

Michael


More information about the Sugar mailing list