USERNAME

[Andrew Sayers]

Phil Bull wrote:
<snip>
> 
> I'm interested in the security implications of this. How are you going
> to deal with sudo, or obfuscated code?

My current plan for 'sudo', 'rm -f', '/dev/hda1' and so on is to print a 
warning (see attached).  When there's more than one hint/warning, I'm 
thinking of making the user click through each message before they're 
allowed to run/save the script.  In the particular case of 'sudo', the 
script will always run 'sudo -k' (to force the user to type a password) 
when the script starts.

I can't think of any good solution for obfuscated code within the scope 
of a Firefox plugin, so I wasn't even going to try.  I'd like to hear 
suggestions, but my instinct is to make this more of a tool that teaches 
good habits, rather than a safety net that obviates the need to think 
for yourself.

	- Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo-rm-rf-important-system-file.png
Type: image/png
Size: 18860 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20090726/ccb5519c/attachment.png>