Active Topics

 


Reply
Thread Tools
javispedro's Avatar
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#131
Originally Posted by rainisto View Post
Store programs should not be able to place random phone calls nor hidden sms messages. All those things that can cause costs to end users should basicly open sailfish sms and phone applications, and end user needs to manually press send or call button.

But of course if you sideload root suid applications while in developer mode, then $RANDOM_NON-STORE_NATIVE_APPS can cause you costs by sending hidden smses. (Android apps cant make hidden phonecalls nor sms messages).
But this is exactly one of the problems I saw with Aegis: the lack of granularity. Here, you are simplistically creating just two tokens: "things that can cause cost to end users" and "everything else". This is terrible as I can think of a few things that do not cause cost to end users and yet I do not want $RANDOM_STORE_APPS from doing them (e.g. spamming my address book). Aegis, at least, had 5 or 6 "interesting" tokens (the rest were basically garbage as they were not designed to protect the user).

Additionally, by preventing suid apps entirely in the official store you're already removing control from the user, as there are may be some things that can be only done with suid apps that semantically are not "things that cause cost" (e.g. backup programs? other-half drivers?) .

That said I'm not necessarily in favour of allowing suid binaries to the store. To put it simply, this problem requires severe consideration.

(Also, since compositor runs as "nemo" uid, can't you just ptrace it/WriteProcessMemory() and simulate clicks around the interface?)

Last edited by javispedro; 2013-12-16 at 15:19.
 

The Following 7 Users Say Thank You to javispedro For This Useful Post:
Reply


 
Forum Jump


All times are GMT. The time now is 08:47.