Free desktop application distribution and installation

Matthias Klumpp matthias at tenstral.net
Mon Dec 8 16:12:59 PST 2014


2014-12-09 0:59 GMT+01:00 Mattias Andrée <maandree at member.fsf.org>:
> On Tue, 9 Dec 2014 00:38:30 +0100
> Matthias Klumpp <matthias at tenstral.net> wrote:
>
>> This actually has some security implications, e.g. a
>> malicious software can taint the other applications and
>> use them to hide itself.
>
> Provided that we are talking about applications:

> * Unless you require root they can always so this.

Software installation requires administrative privileges.

> * They can always taint ~/.local, and personally I
>   have ~/.local/bin in my $PATH.
>
> * If your require root they can set setuid, and
>   taint everything.

If the binaries and libraries live in a non-writeable directory, the
only thing bad software running with user privileges can do is placing
a .desktop file which overrides the system-provided one (still bad).
It can not modify the binary itself though, or libraries it uses.


>> once kdbus is merged into the kernel (and
>> large chunks of data can be transmitted via it), we get
>> something which is able to perform these tasks.
>
> Would by mind clarifying what you are talking about?

I highly recommend watching this video of a talk by Lennart Poettering:
http://www.superlectures.com/guadec2013/sandboxed-applications-for-gnome
The slides exist on the net as well.

Cheers,
    Matthias

-- 
Debian Developer | Freedesktop-Developer
I welcome VSRE emails. See http://vsre.info/


More information about the xdg mailing list