Sex, 2007-05-18 às 12:50 +0100, Andrew Sobala escreveu: > Rui Miguel Silva Seabra wrote: > > Sex, 2007-05-18 às 12:54 +0200, Martin Soto escreveu: > >> Hi Andrew, > >> > >> On Fri, 2007-05-18 at 11:28 +0100, Andrew Sobala wrote: > >>> Martin Soto wrote: > >>> > >>>> An additional point that nobody has mentioned so far is security. Most > >>>> (if not all) plugin implementations already available for Gnome programs > >>>> seem to allow for installing plugins in some user-owned directory. This > >>>> means that by gaining access to the user's home directory, an attacker > >>>> will be able to install code that gets run every time the user logs in: > >>>> > >>> Yes, you can do that already. It's what the session's for. > > > > However, while /home/ can be mounted without any execution > > permissions, /usr not, and thus applications started by the session > > manager are supposedly blessed by the admins (distro maintainers, and > > what not) while those installed in ~/ *aren't*. > > It's a good point. So we can solve this by requiring plugins to have +x > in order to be loaded? Seems quite elegant to me. In a non-exec partition, you can still have the +x bits, even though programs won't execute so I don't think it is a meaningful check. This is a tricky problem, and quite the same as with firefox add-ons... Stuff like these opens attack vectors through which "viruses", "trojans" and what not can come in and wreack havoc. It's best to not be there at all unless very safe sandboxes are used. Rui -- + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...?
Attachment:
signature.asc
Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente