Request For Candidates: Application Review Board

Luke Faraone luke at faraone.cc
Thu Aug 26 16:08:48 BST 2010


On 08/26/2010 08:58 AM, Scott Kitterman wrote:
> On Thursday, August 26, 2010 08:14:51 am Paul Sladen wrote:
>> The _*/problem/*_ here is how to get packages from $own_ppa into Ubuntu
>> with a level of ease equivalent to the {iPhone,Android,Palm,Ovi} stores.
> 
> This will take more than not running as root.  It will require a more complete 
> sandbox (probably some kind of VM I would guess) to constrain the application 
> to not have more access to the system/user data than they have disclosed.
> 
> I think that not using maintainer scripts, installing to /opt, running as the 
> user are good steps to support the traditional *nix security paradigm of 
> protecting the systems/root, but for this to lead to a truly lightweight 
> system, we will need to kick it up a level and also protect user level data 
> from such applications unless they are authorized to have access to it.

OLPC has attempted to do something like this with Bitfrost[1] and
Rainbow[2]. Rainbow's already packaged[3] for Debian/Ubuntu as an NSS
module with accompanying helper scripts, and provides per-application
isolation in terms of read/write access to files. (Each application runs
as its own user, user directories are created and torn down as needed,
persistent configuration is permitted, etc.)

Using a system similar to Android, additional application permissions
are declared at install time (like, say, a photo management application
that needs access to all .PNGs and .JPEGs on your local disk), which can
be reviewed as part of the app inclusion process.

It would just need GNOME / KDE hooks for file access (i.e. only give an
application access to a file when the application is being invoked with
that file as a parameter, or when a trusted file open dialog is used).
It's already used successfully on the OLPC XO-1 under the Sugar
environment, and is deployed to 1.5 million children.

Currently it does not provide network sandboxing. Work is underway to
prevent malicious X applications from snooping on user input, etc.

With some tweaking, it might be a good fit for our task.

[1]: http://wiki.laptop.org/go/OLPC_Bitfrost
[2]: http://wiki.laptop.org/go/Rainbow
[3]: http://packages.debian.org/sid/rainbow

-- 
╒═════════════════════════════════════════════════════════════════╕
│Luke Faraone                          ╭Debian / Ubuntu Developer╮│
│http://luke.faraone.cc                ╰Sugar Labs, Systems Admin╯│
│PGP: 5189 2A7D 16D0 49BB 046B  DC77 9732 5DD8 F9FD D506          │
╘═════════════════════════════════════════════════════════════════╛
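The access model sketched in the message above (a per-app home, permissions declared in an install-time manifest, and file access otherwise granted only for files passed on the command line or picked in a trusted open dialog) can be made concrete in a few lines. The following is an added illustration, not part of this thread and not Rainbow's, Bitfrost's or Android's code; the manifest format, the `/var/lib/apps/<app>` home path and the sample file names are all constructed for the example.

```python
import os
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Manifest:
    """Install-time declaration of what an app may touch (hypothetical format)."""
    app: str
    declared_suffixes: frozenset  # e.g. {".png", ".jpg"}


def parse_manifest(text: str) -> Manifest:
    """Parse a 'key: value' manifest. The format is constructed for this example;
    a reviewer doing app inclusion would read exactly these declarations."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed manifest line: {raw!r}")
        fields[key.strip().lower()] = value.strip()
    if not fields.get("app"):
        raise ValueError("manifest missing 'app'")
    suffixes = frozenset(
        s.strip().lower() for s in fields.get("files", "").split(",") if s.strip()
    )
    for s in suffixes:
        if not s.startswith(".") or "/" in s:
            raise ValueError(f"invalid file suffix in manifest: {s!r}")
    return Manifest(app=fields["app"], declared_suffixes=suffixes)


@dataclass
class AppSession:
    """One running instance of an app confined to its own (per-user) home."""
    manifest: Manifest
    home: str                                      # constructed per-app home path
    argv_files: frozenset = frozenset()            # files the app was launched with
    dialog_grants: set = field(default_factory=set)  # files chosen via a trusted dialog

    def grant_from_dialog(self, path: str) -> None:
        """Record a file the user picked in a desktop-owned (trusted) open dialog."""
        self.dialog_grants.add(os.path.normpath(path))

    def may_access(self, path: str) -> tuple:
        """Return (allowed, reason). Paths are normalised first so that '..'
        components cannot be used to walk out of the per-app home."""
        if not os.path.isabs(path):
            return False, "relative path rejected"
        norm = os.path.normpath(path)
        if norm == self.home or norm.startswith(self.home + os.sep):
            return True, "inside per-app home"
        if norm in {os.path.normpath(p) for p in self.argv_files}:
            return True, "passed on the command line"
        if norm in self.dialog_grants:
            return True, "chosen in trusted open dialog"
        _, suffix = os.path.splitext(norm)
        if suffix and suffix.lower() in self.manifest.declared_suffixes:
            return True, f"manifest declares {suffix.lower()}"
        return False, "not declared and not user-granted"


# Constructed manifest for the photo-manager case mentioned in the thread.
SAMPLE_MANIFEST = """
# constructed example manifest
app: photos
files: .png, .jpg
"""


def demo():
    """Run a handful of constructed access checks and return the decisions."""
    m = parse_manifest(SAMPLE_MANIFEST)
    s = AppSession(m, home="/var/lib/apps/photos",
                   argv_files=frozenset({"/home/alice/todo.txt"}))
    s.grant_from_dialog("/home/alice/report.pdf")
    checks = [
        "/var/lib/apps/photos/.config",                 # own home: allowed
        "/home/alice/pics/cat.PNG",                     # declared suffix: allowed
        "/home/alice/todo.txt",                         # launch argument: allowed
        "/home/alice/report.pdf",                       # dialog grant: allowed
        "/home/alice/.ssh/id_rsa",                      # undeclared: denied
        "/var/lib/apps/photos/../../../etc/passwd",     # traversal out of home: denied
    ]
    return {p: s.may_access(p) for p in checks}


if __name__ == "__main__":
    for path, (ok, why) in demo().items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {path}: {why}")
```

The point of splitting the decision this way is that the manifest is the only part a reviewer has to read at inclusion time; everything else is either the app's own home or an explicit, per-file grant that the user made through a desktop component the app does not control.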
