LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Improving Ubuntu's application upload process

Improving Ubuntu's application upload process

Posted Sep 6, 2012 8:59 UTC (Thu) by etienne (subscriber, #25256)
Parent article: Improving Ubuntu's application upload process

> Uploads through this mechanism will be done in source form ...
> ... applications will run within their own sandbox

There is a lot of security checks which would be better done on the source code (i.e. once and not at each execution), even automatically.
For instance, by automatically analysing the source, you can deduce which files are needed, which libraries are linked-in (so which package versions are needed), and only allow at run time to access those files (without a user popup) - file name/path accepted at compile time.
You can also reject strait away some function calls (like "system()" or some library binding), even if at run time you did not find a way to trigger them.

Also, for the "Guides to nearby beer festivals" apps, it would be nice to have a "use-by date" where at that date, a check for a newer version is automatically done; if no new version is found the app is automatically dis-installed - else the O.S. asks if the user want to "renew the subscription" or remove the app.
Moreover, if version updates is done magically (the next month of beer festivals), there is no need for the app to ask for network access privilege.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds