[sugar] Clicking links (was Re: sugar roadmap)
Bert Freudenberg
bert at freudenbergs.de
Fri Apr 11 11:15:04 EDT 2008
On 11.04.2008, at 07:12, Eben Eliason wrote:
> On Fri, Apr 11, 2008 at 10:03 AM, Jameson Chema Quinn
> <jquinn at cs.oberlin.edu> wrote:
>> I'm assuming that the data would only go one way. In that case, the
>> permission would be, an app without P_NETWORK would not be able to
>> request
>> opening of apps with P_NETWORK. No new permissions needed, just
>> careful
>> attention to the ones we have.
>
> Sorry, I'm not sure I understand this particular requirement. The
> activity launched will be completely isolated from that which
> requested it. Why would we need to make this statement hold? If I
> have, for instance, chosen to trust my web browser to use P_NETWORK,
> then why should it matter that it was asked to launch by something
> that didn't?
Because a malicious activity could encode a private document as URL
and have the browser go to that URL, which would send it to any server
on the internet.
I personally find addressing this scenario not worth the awkwardness
we currently have, clicking a URL in any activity should open a
browser on that URL, no questions asked, IMHO. If necessary, invent a
new permission for this.
- Bert -
More information about the Sugar
mailing list