[sugar] Initial Security Patches

Noah Kantrowitz kantrn at rpi.edu
Tue Jul 31 23:02:55 EDT 2007


Dan Williams wrote:
> On Tue, 2007-07-31 at 21:45 +0200, Marco Pesenti Gritti wrote:
>   
>> Hello,
>>
>> thanks for the explanation, it clarifies a lot of things.
>>
>> As I just said to Ivan and coderanger on irc we need to be clear on
>> the actual goals for Trial-3. In particular I'd like to know:
>>
>> 1 Are we aiming to enable this by default for Trial-3?
>>     
>
> Yes.  If activities in containers don't go into Trial 3, they will not
> get into FRS.  They don't have to be locked down at all, just have
> activities launched in containers.  We just have to figure out by
> Trial-3 if people can fix the bugs that come up.  If they can't, we rip
> containers back out and re-evaluate the security position.
>
>   
>> 2 Are we aiming at pushing one-instance-per-process for Trial-3?
>>     
>
> We may just end up whitelisting EToys and Browse as
> multiple-instance-per-process activities, and just accept that one
> Browse instance can interact adversely with all other instances.  I
> don't think we've made that call concretely yet though we did discuss
> it on the train today.
>   
This has always been the plan for the two of them AFAIK. When we
formalize the new launcher protocol, I intend to use Browse as the POC
of monolithic activities.

--Noah
