Page 3 of 25 FirstFirst 1234567813 ... LastLast
Results 41 to 60 of 484
  1. matt3925's Avatar
    Posts
    93 Posts
    Global Posts
    102 Global Posts
    #41  
    has a package been prepared for this yet? i'm really wanting to try it out before i do a wipe. i know you guys are busy, but this looks too good to pass up!
  2. #42  
    Quote Originally Posted by DrewPre View Post
    Question:

    If you have a service that uses scripts that reside somewhere on the filesystem....what is stopping some rogue application from appending to or overwriting that that script with some potentially malicious code of their own, that will be executed the next time that script is run or called upon?
    For packages that have an installation script that runs as root, there is no way you can stop them from doing anything - that's why we have that pop-up screen in Preware to get people to read and confirm that they consent to what the installation script is doing, and that's why we recommend that people never install closed source services unless they 100% know and trust the author.

    The thing we guard against if a normal webOS application (i.e. one which does not invoke the pop-up confirmation screen on installation) being able to subvert a service into doing something.

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  3. DrewPre's Avatar
    Posts
    818 Posts
    Global Posts
    829 Global Posts
       #43  
    There are some security holes that need patching. Nothing major but have to patch them up before RTP.
  4. DrewPre's Avatar
    Posts
    818 Posts
    Global Posts
    829 Global Posts
       #44  
    The upstart scripts seem vulnerable also.

    Lets say, Acme Wallpaper switcher decides to write an App that secretly echos 'rm -rf /' to line 9 of /etc/event.d/org.webosinternals.ipkgservice. [or simply overwrites the whole file with that one line of code]

    Next time the user restarts, they're screwed!
  5. #45  
    Quote Originally Posted by DrewPre View Post
    The upstart scripts seem vulnerable also.

    Lets say, Acme Wallpaper switcher decides to write an App that secretly echos 'rm -rf /' to line 9 of /etc/event.d/org.webosinternals.ipkgservice. [or simply overwrites the whole file with that one line of code]

    Next time the user restarts, they're screwed!
    Acme Wallpaper switcher needs to run an installation script as root to be able to do that, so you will get the Preware pop-up confirmation screen when you try and install it, and you will see the rm -rf / code in the installation script.

    Note that you don't get the same request for confirmation of installation scripts from WebOS Quick Install, a fact that I've made Jason aware of some time ago, but no action has been taken on it yet.

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  6. DrewPre's Avatar
    Posts
    818 Posts
    Global Posts
    829 Global Posts
       #46  
    Ya, I am aware of the installation script confirmation dialog. But honestly how many ppl really read that, thoroughly.

    Besides, once an app is installed...it has access to the interweb! It could phone home for updates to it's code.

    It could already have dormant hidden code! That is lying in wait for Festivus Eve!

    Then on that fateful date, it launches a script that it created itself that overwrites ALL, several, or just one key startup script......Then when the user reboots...... BAM!!!!!

    Theoretically this could be months after they tapped accept on an installation script during the install of Acme Wallpaper Switcher!

    See, you got me thinking about Security ... and now you have me all paranoid!!!

    It's your fault Rod!!!
  7. DrewPre's Avatar
    Posts
    818 Posts
    Global Posts
    829 Global Posts
       #47  
    This also raises another question in my mind. Sometimes the archive file that's created has R-X permissions and sometimes only R--....... I just made a mental note when I saw it.... I don't remember if i was on the emulator or my real phone.

    Also could the difference be that I was logged in via SSH as root and it borrowed my credentials? But that shouldn't make a file EXECUTABLE..... Hmmmm, tired...must get rest! If my brain would just shut up!! There's one of those toy monkeys running arond in my head with his damned cymbols!!! KLANG KLANG KLANG!!!!

    ....and those damned Marines with there covert missions....They think I don't hear them .....

    Shhhhhh............


    What was that?
  8. matt3925's Avatar
    Posts
    93 Posts
    Global Posts
    102 Global Posts
    #48  
    well fudge
  9. #49  
    Quote Originally Posted by DrewPre View Post
    Ya, I am aware of the installation script confirmation dialog. But honestly how many ppl really read that, thoroughly.
    Enough for it to be a deterrent for applications that are in feeds where the author has to register an email address to submit, and where rogue applications can be removed from the feed when found.

    Besides, once an app is installed...it has access to the interweb! It could phone home for updates to it's code.

    It could already have dormant hidden code! That is lying in wait for Festivus Eve!

    Then on that fateful date, it launches a script that it created itself that overwrites ALL, several, or just one key startup script......Then when the user reboots...... BAM!!!!!

    Theoretically this could be months after they tapped accept on an installation script during the install of Acme Wallpaper Switcher!

    See, you got me thinking about Security ... and now you have me all paranoid!!!

    It's your fault Rod!!!
    Yep, now you know why I recommend you only install open source stuff that can do things as root ... then you (or someone else) can verify all these things yourself before installing it.

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  10. jut
    jut is offline
    jut's Avatar
    Posts
    46 Posts
    #50  
    anymore news on this application? will it be added to preware in the near future? im waiting to doctor until this comes out

    excellent job drewpre
  11. DrewPre's Avatar
    Posts
    818 Posts
    Global Posts
    829 Global Posts
       #51  
    Thx.

    I am having trouble with the application backup piece. Specifically the databases and patches.

    The phone and browser part is working.

    I guess I can put it out as is.... I was kinda holding off till I got at least the application piece working. Then I could focus on the Media portion.

    I guess it will never be perfect.

    I will work on the restoration piece this week [should take a couple of days hopefully] and that way at least the backup and restore of phone and browser data will be working and I can iron out the rest as I go.... I'll keep you posted.
  12. #52  
    Does the phone backup portion backup the text messaging databases as well? This would have helped a wekk ago when I had to replace my Pre and lose all my text messages and call logs...
    _________________
    aka Gfunkmagic

    Current device: Palm Pre
    Device graveyard: Palm Vx, Cassiopeia E100, LG Phenom HPC, Palm M515, Treo 300, Treo 600, Treo 650, Treo 700p, Axim X50v, Treo 800w



    Please don't PM me about my avatar. For more info go here.

    Restore your Pre to factory settings using webos doctor and follow these instructions
  13. DrewPre's Avatar
    Posts
    818 Posts
    Global Posts
    829 Global Posts
       #53  
    yes, it does.

    Damn, Tethering being broken in 1.3.1 is so distracting!!!!!
  14. jut
    jut is offline
    jut's Avatar
    Posts
    46 Posts
    #54  
    the most important thing for me is having a backup of text msgs. i can deal with not having the application backup piece.
  15. sidamos's Avatar
    Posts
    614 Posts
    Global Posts
    677 Global Posts
    #55  
    Backup of memos and tasks is important, because they do not get synced to Google.
  16. licotto's Avatar
    Posts
    471 Posts
    Global Posts
    510 Global Posts
    #56  
    DrewPre... I think I may love you ... THIS...IS...AWESOME!!!

    I also can't wait for the Pre-Gmail migration app!!!!!
  17. #57  
    I'm wondering if I did something wrong. I installed the app and did a backup. At the end, it said it had successfully backed up to the USB drive. But when I look on the drive, there is no PPBACKUP directory, or anything along those lines. I tried it twice. I'm missing something obvious, aren't I?
  18. #58  
    Quote Originally Posted by jut View Post
    the most important thing for me is having a backup of text msgs. i can deal with not having the application backup piece.
    +1
  19. #59  
    Quote Originally Posted by KnoxBNYC View Post
    I'm wondering if I did something wrong. I installed the app and did a backup. At the end, it said it had successfully backed up to the USB drive. But when I look on the drive, there is no PPBACKUP directory, or anything along those lines. I tried it twice. I'm missing something obvious, aren't I?
    Quote Originally Posted by DrewPre View Post

    Anyway, I've uploaded the Application and have screenshots of what it looks like but It's still reliant upon the mojo service tho. so you cant do anything until I get the service packaged and uploaded to one of the preware feeds.

    The actual service to do the work is not in the ipk. It is just the front end.
  20. #60  
    First of all thank you very much for this wonderfull app!

    I've saw the print screen of this app and a question poped in my head: I think it would be nice to backup patches and apps separately because many of us would like to backup apps and not patches so we can install them from scratch.
Page 3 of 25 FirstFirst 1234567813 ... LastLast

Tags for this Thread

Posting Permissions