Re: Extensions Infrastructure Work
- From: "Jasper St. Pierre" <jstpierre mecheye net>
- To: uzytkownik2 gmail com
- Cc: gnome-shell-list gnome org
- Subject: Re: Extensions Infrastructure Work
- Date: Wed, 6 Jul 2011 15:10:42 -0400
Sorry I didn't follow up on this, but I've abandoned the HTTP approach
in favor of an NPAPI plugin.
I'm doing a bit of a writeup of it soon. The amount of information
spread between GitHub/Wiki/ML is a bit too much for me to clean up,
and I'm trying to get to a point where I have a canonical place to
announce new information. Sorry for the wait.
On Wed, Jul 6, 2011 at 3:01 PM, Maciej Marcin Piechotka
<uzytkownik2 gmail com> wrote:
> On Wed, 2011-06-22 at 15:39 -0400, Jasper St. Pierre wrote:
>>
>> > 2. Multiple users or sessions on the same machine
>> > Only the first session can use it.
>>
>> My idea was that log-out would stop the HTTP daemon for that session
>> and open one for the current user. Unless there's a special case (I
>> didn't think of virt) where two users can be securely both actively
>> having GNOME sessions at the same time, I don't think this is a
>> problem.
>
> I don't know the exact details but what come to my mind
>
> - multiple seats setups would have multiple session running
> - If user A is working and (s)he left computer by clicking 'switch
> user' the programs should continue to run in the background as if
> nothing happened. However user B can log into at the same time. I belive
> that after user switch the illusion of continuity is preserved (i.e.
> windows can be opened/closed, d-bus works) so it would be surprising to
> disallow contacting HTTP daemon
>
>> The only security issue I can think of that arises out of
>> this compromise is that a user could ssh in to the same machine and
>> frob the HTTP server to... install, enable/disable and list extensions
>> from the official GNOME3 site.
>
> Which may prove to be a vector of attack if computer is shared and the
> exploit is discovered and not yet marked as such on site.
>
> Regards
>
> _______________________________________________
> gnome-shell-list mailing list
> gnome-shell-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-shell-list
>
>
--
Jasper
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
