[haiku-commits] Re: r41581 - in haiku/trunk: headers/private/interface src/add-ons/decorators/BeDecorator src/add-ons/decorators/MacDecorator src/add-ons/decorators/SATDecorator src/add-ons/decorators/WinDecorator ...

  • From: Stephan Aßmus <superstippi@xxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Fri, 20 May 2011 15:42:23 +0200

Hi,

On 20.05.2011 17:29, François Revol wrote:
> On 20 May 2011 at 09:26, Axel Dörfler wrote:
>> Stephan Aßmus <superstippi@xxxxxx> wrote:
>>> On 20.05.2011 06:33, David McPaul wrote:
>>>> I would be more concerned that we now have 2 conceptual ways to load
>>>> add-ons.  (ie put them in the appropriate directory or call a special
>>>> program)
>>> that's a good point. I believe it makes testing decorators a bit easier,
>>> though I usually just install a link in the right place to the object
>>> file which I am testing. That should have been a solution as well.
>>
>> The only actual difference is that the app_server won't have the possibility to
>> pick up changes automatically (but it didn't do that before, either, so that's
>> only a theoretical loss). From a user point of view, you won't notice any
>> (other) difference to the rest of the system, so I don't think this matters at
>> all.
>>
>> And about the security issue: it would be really trivial to restrict the path
>> to the decorator add-on path.
>
> But by not accepting arbitrary paths we wouldn't have to, and wouldn't have not
> to forget to do it. :p

I don't quite get it. If an ordinary user is supposed to be able to change the decorator, should he be required to become root in order to install it? Wouldn't app_server need to distinguish between user privileges anyway? After all, when I switch users, I may want to see my own window decor, and not that of the other user(s) logged in concurrently. If the decor affects my own user only, and I tend to think it should, why should I gain root privileges to even install the necessary add-on in the first place? If on the other hand I am not required to be root to install a decorator, why would app_server have to prevent loading decorator add-ons for my user from arbitrary paths? If app_server could not protect its functionality for other users by using add-ons, maybe add-ons are prohibited from being loaded into app_server. Or maybe app_server needs to run some sandbox per user. I don't know what needs to be done...

It is easy to think security issues only half-way through, and to me it seems these objections are premature, since the whole concept and what app_server has and has not to do isn't clear at all, yet.

Best regards,
-Stephan
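
Added example, not part of the original message and not Haiku's own code: one way to implement the path restriction discussed in the thread, by canonicalizing the requested path with POSIX realpath() and requiring the result to lie below one allowed directory. The helper names and the temporary directory layout are constructed for illustration; note that a link placed inside the allowed directory but pointing outside it is rejected as well.

```cpp
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Resolve symlinks, "." and ".." via POSIX realpath(); "" if it cannot be resolved.
static std::string canonical(const std::string& path)
{
	char resolved[PATH_MAX];
	return realpath(path.c_str(), resolved) != nullptr ? resolved : "";
}

// Hypothetical helper (not an app_server function): true only if `requested`
// resolves to an existing entry strictly below `allowedDir`.
bool is_within_directory(const std::string& allowedDir, const std::string& requested)
{
	std::string base = canonical(allowedDir), target = canonical(requested);
	if (base.empty() || target.empty())
		return false;
	if (base != "/")
		base += '/';	// so ".../decorators-old" does not match ".../decorators"
	return target.size() > base.size() && target.compare(0, base.size(), base) == 0;
}

// Constructed sample tree: decorators/Good, decorators/Link -> ../elsewhere/Outside.
std::string build_sample_tree()
{
	char tmpl[] = "/tmp/decor-demo-XXXXXX";
	if (mkdtemp(tmpl) == nullptr)
		return "";
	std::string root = tmpl, in = root + "/decorators", out = root + "/elsewhere";
	if (mkdir(in.c_str(), 0700) != 0 || mkdir(out.c_str(), 0700) != 0)
		return "";
	for (const std::string& file : {in + "/Good", out + "/Outside"})
		if (FILE* f = fopen(file.c_str(), "w"))
			fclose(f);
	if (symlink("../elsewhere/Outside", (in + "/Link").c_str()) != 0)
		return "";
	return root;
}

int main()
{
	std::string dir = build_sample_tree() + "/decorators";
	for (const char* name : {"/Good", "/../elsewhere/Outside", "/Link", "/Missing"})
		printf("%-24s %s\n", name, is_within_directory(dir, dir + name) ? "load" : "reject");
}
```

A check like this only holds if the loader then opens the resolved path; otherwise the path can change between the check and the load.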
