Free desktop application distribution and installation
Matthias Klumpp
matthias at tenstral.net
Mon Dec 8 16:12:59 PST 2014
2014-12-09 0:59 GMT+01:00 Mattias Andrée <maandree at member.fsf.org>:
> On Tue, 9 Dec 2014 00:38:30 +0100
> Matthias Klumpp <matthias at tenstral.net> wrote:
>
>> This actually has some security implications, e.g. a
>> malicious software can taint the other applications and
>> use them to hide itself.
>
> Provided that we are talking about applications:
> * Unless you require root they can always so this.
Software installation requires administrative privileges.
> * They can always taint ~/.local, and personally I
> have ~/.local/bin in my $PATH.
>
> * If your require root they can set setuid, and
> taint everything.
If the binaries and libraries live in a non-writeable directory, the
only thing bad software running with user privileges can do is placing
a .desktop file which overrides the system-provided one (still bad).
It can not modify the binary itself though, or libraries it uses.
>> once kdbus is merged into the kernel (and
>> large chunks of data can be transmitted via it), we get
>> something which is able to perform these tasks.
>
> Would by mind clarifying what you are talking about?
I highly recommend watching this video of a talk by Lennart Poettering:
http://www.superlectures.com/guadec2013/sandboxed-applications-for-gnome
The slides exist on the net as well.
Cheers,
Matthias
--
Debian Developer | Freedesktop-Developer
I welcome VSRE emails. See http://vsre.info/
More information about the xdg
mailing list