[sugar] Congratulations! but Sugar sucks
Benjamin M. Schwartz
bmschwar at fas.harvard.edu
Thu Jul 24 15:50:25 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mikus Grinbergs wrote:
| I'm not familiar with the details of the Rainbow implementation, but
| I question this claim:
|
|> Sugar, as it currently stands, is among the least secure operating systems
|> ever, far less secure than any modern Linux or Windows OS. I can easily
|> write an Activity that, when run by the user, escalates to root privileges
|> and does anything I like with the system.
|
| My understanding was that something called an 'Activity' would be
| assigned its own userid-groupid. The standard Linux permissions
| would prevent such an 'Activity' from messing up the system.
The problem is the "loophole'd" activities: Journal and Terminal. These
two activities run with the full privileges of the user. The identity of
an activity is simply its D-Bus name. Therefore, if I write an Activity
and set its D-Bus name to be org.laptop.TerminalActivity, it will run as
user "olpc", not as an isolated user. It will therefore have root access
via passwordless su.
This loophole was meant as a temporary workaround, to be replaced once
Sugar acquired a secure mechanism for providing specific Activity bundles
with elevated privileges. I'm merely suggesting that it is time to
implement that mechanism.
- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkiI3QEACgkQUJT6e6HFtqSOKQCcCwW0dNZ9nnrHgF/bzEuU0YPj
wdUAn2Vnfx+RVw95W/fUXqtcQVF2aGSI
=bs5K
-----END PGP SIGNATURE-----
More information about the Sugar
mailing list