scripting proposal draft 3
K Robinson
zwokkqxpozgc+nznebxrznvyyvfg1 at gmail.com
Wed Apr 9 04:58:30 UTC 2008
On Tuesday 08 April 2008 5:50:07 pm Seb Ruiz wrote:
> On 09/04/2008, K Robinson <zwokkqxpozgc+nznebxrznvyyvfg1 at gmail.com> wrote:
>
> That is one awesome email address!
Uh..ok. It's a disposable (but permanent) email address. Gmail allows for
any email suffixes after a +. Trust me, I haven't memorized it, and have no
plans to.
So...about the "how" of security in amarok scripts...how is protection even
really feasible against a script running on the system? I sort of doubt
there are sandbox options for each (or any) of the available scripting
languages. Perhaps SELinux and AppArmor policies should ship with the amarok
package, where available? (SELinux is a headache to even understand though).
Aside from security goals, the user ought to stay in control of their
interface despite idiotic scripts. Users may need to see, prevent, approve
or stop certain script actions while trying out new scripts ("no, I do not
want you to 'correct' these track titles and genres en masse, or reset my
ratings and scores.").
Malicious scripts: What happens if a script redirects you from Magnatune to a
malicious site, by replacing or duplicating the Magnatune tab? Or tags all
your music as "erotic"?
Should one assume that in 16 months, secure sandbox frameworks for perl,
python, ruby, etc will be available, making amarok the weakest link? Maybe
not. Perhaps the thing that makes most sense is what Henry Valence said:
users should be warned and educated about the risks of running scripts.
Perhaps a cursory and unofficial code audit could be done on the most popular
scripts? Also, a PEBCAK test could be run as shown in my signature to
decide if a user should be allowed to touch the keyboard ;)
-K. Robinson
"This program 'Amarok' is about to run "virus.exe" with Administrator
privileges. Continue?" The user, anxious to get on with his work,
clicks "yes".