On Parcel and CPIA Script Security

July 26th, 2005 by Heikki Toivonen

We have made a conscious decision not to try to implement half-hearted security sandboxes for CPIA Script and third-party parcels. Because Python itself does not provide a sandbox (unlike Java and JavaScript, for example), this would be pretty hard to do, although projects like Zope have come up with limited sandbox-like functionality.

What this means is that any CPIA script or parcel can do anything a regular user, and by extension Chandler, can do.

Please note that this is no different from the way Mozilla Firefox extensions work, for example. Once you install a Mozilla Firefox extension, it can do whatever it wants; if it is malicious, bad things will happen.

There are several ways in which the Mozilla project mitigates these risks. First, most users install extensions from the SSL-protected site addons.mozilla.org. Although there is no guarantee that extensions installed from there are not malicious, it is somewhat unlikely. It is possible to install extensions from other sites as well, but this requires more user action, which hopefully makes some people think about the implications of their actions and will also discourage a fair number of people altogether. Finally, there is a two-second delay in the install dialog so that people won’t accidentally click the install button without having a chance to see it. The Mozilla project also supports signed extensions, but these are extremely rare due to the difficulty of the signing process.

The success of the Mozilla Firefox project, and the rarity (so far) of malicious extensions, make this seem like a good model to adopt for Chandler as well. Once third-party Chandler parcels start appearing, we should provide a trusted site from which to search for and download them.

Finally, there is a way to limit the damage from a potentially malicious Firefox extension or Chandler parcel: do not run the computer with root or administrator privileges.
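As an added illustration of that last point (this is example code, not part of Chandler or the original post), here is a startup check a Python desktop application could run before loading third-party parcels: it detects root/administrator rights on POSIX and Windows, and if the process was started through sudo it can fall back to the invoking user's uid/gid. The `parcel_policy` decision values and the use of `SUDO_UID`/`SUDO_GID` are assumptions made for this example.

```python
"""Startup privilege check for a Python desktop app (added example, not Chandler code)."""
import ctypes
import os
import sys
from typing import Optional, Tuple


def running_elevated() -> bool:
    """Return True when the current process has root/administrator rights."""
    if sys.platform == "win32":
        try:
            return bool(ctypes.windll.shell32.IsUserAnAdmin())
        except (AttributeError, OSError):
            return False  # assumption: an unanswerable check counts as not elevated
    return os.geteuid() == 0


def sudo_invoker() -> Optional[Tuple[int, int]]:
    """If launched via sudo, return the (uid, gid) of the invoking user, else None."""
    uid, gid = os.environ.get("SUDO_UID"), os.environ.get("SUDO_GID")
    if uid is None or gid is None:
        return None
    return int(uid), int(gid)


def drop_privileges(uid: int, gid: int) -> None:
    """POSIX only: permanently give up root by switching to the given uid/gid.

    Order matters: supplementary groups and gid must change before uid,
    because after setuid() the process can no longer change its groups.
    """
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)


def parcel_policy(elevated: bool, invoker: Optional[Tuple[int, int]]) -> str:
    """Decide how to treat third-party parcels at startup (values are assumptions).

    'load'   : not elevated, load parcels normally
    'drop'   : elevated via sudo from a real user, drop to that user first
    'refuse' : elevated with no user to fall back to, skip third-party parcels
    """
    if not elevated:
        return "load"
    if invoker is not None and invoker[0] != 0:
        return "drop"
    return "refuse"


if __name__ == "__main__":
    action = parcel_policy(running_elevated(), sudo_invoker())
    if action == "drop":
        drop_privileges(*sudo_invoker())
    print("third-party parcels:", action)
```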


7 Responses to “On Parcel and CPIA Script Security”

  1. qukza Says:

    “Do not run the computer with root or administrator privileges.”

    Well, easier said than done in Windows as there are thousands of programs, including anti-virus and other security stuff, that will only run properly with admin privileges. And to date Windows hasn’t exactly made it easy to run without admin privileges. I bet 95% of Windows users have no clue about running as non-admin or how to run selected programs with reduced privileges.

    Useful links, tools and how-to info here: http://nonadmin.editme.com/

    There seem to be quite a few people at Microsoft, bless them, that get this, e.g.:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/leastprivlh.asp

    I use “Drop My Rights” to run Thunderbird and Firefox with reduced privileges. See:
    http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp

  2. qukza Says:

    Oops! The URLs got mangled. One more try again. All the various sites and tools I referenced can be found here:
    http://nonadmin.editme.com/ — Or just Google nonadmin.

  3. Pieter Hartsook Says:

    Qukza’s last comment had a URL that got munged. The URL was supposed to be – http://nonadmin.editme.com . There is a quirk in this WordPress installation where ending a paragraph with a URL causes problems.

    So in the future, make sure you put additional characters following a URL before you hit that carriage return.

    BTW – I just went back and fixed those previous comments by adding some space characters at the end of the URL lines.

    Pieter

  4. heikki Says:

    Yes, I know running Windows without admin rights is hard. I tried to do it with Windows 2000, but too many things broke. When I got Windows XP in 2003 I tried it again, and have since then run Windows as regular user.

    Sure, there are still problems, but few enough that I can actually live with it.

  5. qukza Says:

    Thanks for fixing the URLs.

    Just a thought, but couldn’t you embed some of the functionality of the tools discussed in the nonadmin site into a program like Chandler? For example, at startup check whether the user is “Admin” and then by default lower program privileges so it starts with only “User” privileges.

  6. heikki Says:

    Sure, but it would be a fair amount of work and we don’t even have a usable product yet. Some other projects might be interested, though.

    But hopefully Windows Vista will get this right…

  7. qukza Says:

    Yes, see Larry Seltzer’s opinion column in eWeek from 7/28 on Vista Beta1 security features.

    “Getting an account with Administrator privileges is now the extraordinary case, but it’s not generally going to be necessary. If you do something that requires admin privileges, such as changing firewall settings, the system will offer you an opportunity to enter account credentials that have sufficient privileges, such as the Administrator account. So you can run normally as a non-Administrator. This is all called “User Account Protection…”
