Re: [Fenfire-dev] Security with libvob
From: Benja Fallenstein
Subject: Re: [Fenfire-dev] Security with libvob
Date: Wed, 20 Oct 2004 23:36:36 +0300
User-agent: Mozilla Thunderbird 0.8 (X11/20040926)
Hi,
Matti Katila wrote:
> On Tue, 19 Oct 2004, Benja Fallenstein wrote:
>> Matti Katila wrote:
>>> How libvob should work with malicious coordinates or renders?
>>> ...
>> Well, we don't have any sandboxing at the moment and no plans to sandbox
>> in the near future, so I don't really see the problem. I mean, if a
>> third party creates a malicious render object, it's also easy to put in
>> a call of 'rm -rf ~', which is arguably worse than any of the above. :-)
> With X I can go to console and kill the application. With libvob I can
> kill jvm. I didn't mean security as "make everything so slow because of
> all method calls are checked with RSA keys" but rather could we find some
> scenarios where scene.orthoCS(100, "foo", ...) crashes and try to add
> reasonable checks, e.g. parent should be smaller number than created
> coordsys.
>
> So, I don't want to reserve a button in Fenfire for
> Kill-last-started-application!
Ok, what you want is not protection from *malicious* code, but from
*erroneous* code -- not protection from an evil programmer, but from a
programmer making a mistake :)
Yes, adding checking to Libvob would be a Good Thing.
I do think that making sandboxing work with libvob is too big a project
to make it hold up a release.
> We can add minimal sandboxing for childVS and give the child for every
> application in screen. That way one misbehaving application is not seen
> on screen while not crashing the whole libvob.
That's not sandboxing, but it's fine. ;-)
Cheers,
- Benja
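
The kind of check discussed in this thread (a coordinate system's parent must have a smaller number than the coordinate system being created), as an added example that is not part of the original message and is not libvob code. The class `CoordTableDemo` and its methods are hypothetical stand-ins, and the finite-value and nonzero-scale checks are assumptions about what else such a check would reasonably cover.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical stand-in for a coordinate-system table; not libvob's real API.
public class CoordTableDemo {
    // parents.get(i) is the parent of coordsys i; index 0 is the root (parent -1).
    private final List<Integer> parents = new ArrayList<>(List.of(-1));
    private final List<float[]> params = new ArrayList<>();
    { params.add(new float[] {0f, 0f, 1f, 1f}); }   // root: identity

    /** Creates an orthogonal coordsys under `parent` and returns its index. */
    public int ortho(int parent, float x, float y, float sx, float sy) {
        int created = parents.size();
        // The check proposed in the thread: the parent must already exist,
        // i.e. its number must be smaller than the one being created.
        if (parent < 0 || parent >= created)
            throw new IllegalArgumentException(
                "parent " + parent + " must be in [0, " + created + ")");
        // Assumed extra checks: reject values that would poison later math.
        for (float v : new float[] {x, y, sx, sy})
            if (Float.isNaN(v) || Float.isInfinite(v))
                throw new IllegalArgumentException("non-finite coordinate: " + v);
        if (sx == 0f || sy == 0f)
            throw new IllegalArgumentException("zero scale is not invertible");
        parents.add(parent);
        params.add(new float[] {x, y, sx, sy});
        return created;
    }

    /** Walks to the root; terminates because every parent index is smaller. */
    public int depth(int cs) {
        int d = 0;
        for (int p = parents.get(cs); p >= 0; p = parents.get(p)) d++;
        return d;
    }

    public static void main(String[] args) {
        CoordTableDemo t = new CoordTableDemo();
        int a = t.ortho(0, 10f, 10f, 1f, 1f);
        int b = t.ortho(a, 5f, 5f, 2f, 2f);
        System.out.println("coordsys " + b + " has depth " + t.depth(b));
        try {
            t.ortho(100, 0f, 0f, 1f, 1f);   // constructed bad call, as in the thread
        } catch (IllegalArgumentException e) {
            // The erroneous caller gets an exception; the table stays consistent.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```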