Re: Rise of the Plugins
- From: Andrew Sobala <aes gnome org>
- To: Rui Miguel Silva Seabra <rms 1407 org>
- Cc: Martin Soto <soto informatik uni-kl de>, desktop-devel-list gnome org
- Subject: Re: Rise of the Plugins
- Date: Fri, 18 May 2007 12:50:05 +0100
Rui Miguel Silva Seabra wrote:
Sex, 2007-05-18 �12:54 +0200, Martin Soto escreveu:
Hi Andrew,
On Fri, 2007-05-18 at 11:28 +0100, Andrew Sobala wrote:
Martin Soto wrote:
An additional point that nobody has mentioned so far is security. Most
(if not all) plugin implementations already available for Gnome programs
seem to allow for installing plugins in some user-owned directory. This
means that by gaining access to the user's home directory, an attacker
will be able to install code that gets run every time the user logs in:
Yes, you can do that already. It's what the session's for.
However, while /home/ can be mounted without any execution
permissions, /usr not, and thus applications started by the session
manager are supposedly blessed by the admins (distro maintainers, and
what not) while those installed in ~/ *aren't*.
It's a good point. So we can solve this by requiring plugins to have +x
in order to be loaded? Seems quite elegant to me.
--
Andrew
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]