ubuntu-phone team mailing list archive

[Sergio Schvezov <sergio.schvezov@xxxxxxxxxxxxx>]

On Tue, Aug 13, 2013 at 10:33 AM, Michael Zanetti <
michael.zanetti@xxxxxxxxxxxxx> wrote:

> On Tuesday 13 August 2013 10:01:58 Sergio Schvezov wrote:
> > On Tue, Aug 13, 2013 at 9:33 AM, Michael Zanetti <
> >
> > michael.zanetti@xxxxxxxxxxxxx> wrote:
> > > Hi,
> > >
> > > I've just been watching this demo [1] on how to publish click packages.
> > > Looks
> > > very promising! However, one question that comes up here is at the
> > > uploading
> > > step (3:13 in the video):
> > >
> > > The website allows to upload a binary package and a source package.
> > > However, I
> > > can't see any connection between those two. How can I be sure that the
> > > binary
> > > click package indeed contains an unmodified version of the uploaded
> source
> > > package? From what I can see here I could easily publish some source
> code
> > > and
> > > then build a malicious package containing some additional bad code.
> >
> > You will be confined by apparmor here and very limited in the bad things
> > you can do.
>
> I don't agree here. I'm not entirely sure how AppArmor works, but I assume
> it
> would block access to, for instance, my address book. If I still want to
> use
> that app there must be some place where I can grant permissions to an app
> to
> access my address book. This is where I would like to know what the package
> actually does with my address book and where I would need to rely on the
> fact
> that the binary package is indeed an *unpatched* version of the uploaded
> source package.
>
>
I seem to have phrased it wrong; and yes I agree with you and would add
that you would also be hit by this possibility with a closed source app.

I'm leaving the rest of the story for the folk who designed this.