ubuntu-appstore-developers team mailing list archive

[Rick Spencer <rick.spencer@xxxxxxxxxxxxx>]

AIUI it's not a matter of making click work with xorg, it's a matter
of making app armour work with xorg so that we don't have to inspect
each application by hand to ensure that it is not malicious. In other
words, this is about application sandboxing, not about click.

Please, someone, correct me if I am wrong, but I think the situation
is that it is trivial to write an application that looks at all x
input events, even for application windows from other apps. As such, I
can write an app that looks for something that looks like a credit
card number being entered into a web browser (as one obvious example)
and upload that data to my evil server. We don't think this is a
problem in the Ubuntu repositories today because we inspect each
application to make sure they don't do such a thing.

However, we want to make it easier for application developers to get
their apps to users by, among other things, making it difficult for
malicious applications to do naughty things, and therefore minimizing
the effort and time necessary for manually checking them. We can
achieve this reduction in manual vetting only via tight sand-boxing
for applications. With Mir, it is relatively easy, aiui, to use app
armour to restrict an application from knowing about other application
windows, and therefore denying them access to the input for those
windows. With xorg, it is not easy to use app armour in such a manner.

So, the question is about whether we can/should plug the security hole
in xorg, it's not really about click.

Cheers, Rick

On Fri, Jul 26, 2013 at 9:54 AM, Simon <oct4v14n@xxxxxxxxxxxxxx> wrote:
> So Click will put its efforts into running with Mir first.
> But after everything works fine with Mir, Click will gain support for X.org
> and (if used by a actual desktop environment) Wayland?
>
> Did I interpreted it right now?
>
> Am 25.07.2013 18:26, schrieb Jamie Strandboge:
>
>> On 07/25/2013 10:45 AM, Simon wrote:
>>>
>>> How do we handle other desktop environments. Will I be able to install
>>> Click-Packages in Xfce / KDE / Gnome?
>>>
>>> Will I be able to run those installed Applications?
>>> If I'm able to run those applications, we need to support X.org. We also
>>> need to
>>> support Wayland in a (not so far away) future.
>>>
>>> If we cut those flavors out of the App-Ecosystem [ie. answer my first or
>>> 2nd
>>> question with "no"], how will we answer the user the question "Why can't
>>> I used
>>> a core feature of Ubuntu in his offical supported falvors?"
>>>
>>>
>>> I hope I didn't misinterpreted this thread. My interpretation is "Are we
>>> able to
>>> support X.org with click? - Eventually no, because X.org dosn't meet our
>>> desired
>>> security level."
>>
>>
>> That is not what I said.
>>
>> What I am saying is that we need display server mediation so that people
>> can run
>> the apps from the appstore safely and we should wait until it is in place.
>> Mir
>> gives us that by design, X does not. There is a lot of work to do and we
>> must
>> prioritize, and X is lower than other work because of Mir. AIUI, other
>> desktop
>> environments can be made to work with Mir[1], so if they use Mir (or
>> probably
>> Wayland), there is no problem.
>>
>> If you or others would like to work on X mediation with AppArmor, please
>> send an
>> email to the apparmor mailing list or talk to us on #apparmor on OFTC.
>>
>> [1]https://lists.ubuntu.com/archives/ubuntu-devel/2013-June/037307.html
>> [2]https://lists.ubuntu.com/mailman/listinfo/apparmor
>>
>>
>>
>
> --
> kind regards
>
> Simon
>
> --
> Mailing list: https://launchpad.net/~ubuntu-appstore-developers
> Post to     : ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers
> More help   : https://help.launchpad.net/ListHelp