[Deskbar] Re: Gnome 2.14 Module Proposal: Deskbar Applet
- From: "Gustavo J. A. M. Carneiro" <gjc inescporto pt>
- To: Alan Cox <alan lxorguk ukuu org uk>
- Cc: Thomas Vander Stichele <thomas apestaart org>, Benoît Dejean <benoit placenet org>, Deskbar Applet List <deskbar-applet-list gnome org>, desktop-devel-list gnome org
- Subject: [Deskbar] Re: Gnome 2.14 Module Proposal: Deskbar Applet
- Date: Thu, 27 Oct 2005 14:19:15 +0100
Qui, 2005-10-27 às 14:29 +0100, Alan Cox escreveu:
> On Iau, 2005-10-27 at 13:32 +0100, Gustavo J. A. M. Carneiro wrote:
> > The result: a single process (per user, per display), and a single
> > main loop, for all applets. Of course this means if one applet
> > deadlocks or dies, they all die. But at least dying in python is not so
> > easy. You usually get only an exception that is ignored. Deadlock is
> Which means all the applets run in the same security context which like
> all the assumptions about "root" in other threads is a bad idea. To
> apply good security policies you need isolation not amorphous blobs.
Did you notice I mentioned this is a _per user_ process? I really
don't see what difference it makes having one or 10 processes from a
security point of view. Once the attacker gets in, it can do the same
damage in both cases.
In any case, for applets exposed to network protocols, Python is one
order of magnitude better than C from a security point of view. It's
still hackable, but not nearly as easy.
From a _stability_ point of view, now there is a problem. No way
around that. One applet could block all the other applets, unless
threads are used. And threads should not be used. It is a tradeoff
we'd have to accept. :|
Gustavo J. A. M. Carneiro
<gjc inescporto pt> <gustavo users sourceforge net>
The universe is always one step beyond logic.
] [Thread Prev