[sugar] Congratulations! but Sugar sucks

Benjamin M. Schwartz bmschwar at fas.harvard.edu
Thu Jul 24 15:50:25 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mikus Grinbergs wrote:
| I'm not familiar with the details of the Rainbow implementation, but
| I question this claim:
|
|> Sugar, as it currently stands, is among the least secure operating systems
|> ever, far less secure than any modern Linux or Windows OS.  I can easily
|> write an Activity that, when run by the user, escalates to root privileges
|> and does anything I like with the system.
|
| My understanding was that something called an 'Activity' would be
| assigned its own userid-groupid.  The standard Linux permissions
| would prevent such an 'Activity' from messing up the system.

The problem is the "loophole'd" activities: Journal and Terminal.  These
two activities run with the full privileges of the user.  The identity of
an activity is simply its D-Bus name.  Therefore, if I write an Activity
and set its D-Bus name to be org.laptop.TerminalActivity, it will run as
user "olpc", not as an isolated user.  It will therefore have root access
via passwordless su.

This loophole was meant as a temporary workaround, to be replaced once
Sugar acquired a secure mechanism for providing specific Activity bundles
with elevated privileges.  I'm merely suggesting that it is time to
implement that mechanism.

- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiI3QEACgkQUJT6e6HFtqSOKQCcCwW0dNZ9nnrHgF/bzEuU0YPj
wdUAn2Vnfx+RVw95W/fUXqtcQVF2aGSI
=bs5K
-----END PGP SIGNATURE-----


More information about the Sugar mailing list