[haiku-commits] Re: r41581 - in haiku/trunk: headers/private/interface src/add-ons/decorators/BeDecorator src/add-ons/decorators/MacDecorator src/add-ons/decorators/SATDecorator src/add-ons/decorators/WinDecorator ...

  • From: "Axel Dörfler" <axeld@xxxxxxxxxxxxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Sat, 21 May 2011 13:56:05 +0200

Stephan Aßmus <superstippi@xxxxxx> wrote:
> I don't quite get it. If an ordinary user is supposed to be able to
> change the decorator, should he be required to become root in order
> to install it?

It's quite simple: you must not allow any untrusted add-ons to run in a
piece of trusted software, because that makes the whole thing
vulnerable - and that's the same for media add-ons, kernel drivers,
etc.

The solution would be either to put the decorators into another team
per user (i.e. the sandbox approach), or to make sure only non-
standard users (like root) can install them.

> After all, when I switch users, I may want to see my
> own window decor, and not that of the other user(s) logged in
> concurrently.

Which has nothing to do with the security issue.

>  If the decor affects my own user only, [...]

If it runs in the app_server it does not affect your user account
only, that's the point.

Bye,
   Axel.
