So I was randomly waltzing around the SVN looking for the new codecs that I heard were checked in, and I found the decorators section! However, it appears that the Decors are implemented as binary plugins!
Are the initial appearances deceiving me, or are Haiku Decors to be implemented as binaries? If they are, then that opens up the possibility of very dynamic decors, but it opens up another security hole, that of malicious themes, very similar to the malicious screensavers in Windows.
And how difficult would it be to port/use Zeta decors? If Haiku decors are just loaders for different themes, such as the WinDecorator loading Windows XP themes and the MacDecorator loading MacOSX themes, then could the BeDecorator use Zeta themes?
If I’m completely wrong, what are they? I found them at http://svn.berlios.de/viewcvs/haiku/haiku/trunk/src/add-ons/decorators/ for those who are interested.
–Walter Huf–
Security in R5 is a laugh, and the decorator system is no different. AFAIK there are measures in place in Windows to handle untrusted code. No such thing exists in R5, Haiku, or Zeta. No matter which BeOS variant you use, you’re gonna be pretty much out of luck… at least until R2. Disabling their use would be trivial because the app_server has its own internal one, which happens to be the one seen in all the screenshots on Beta’s website.
As for Zeta decors, it’s a completely different animal. Somewhere I heard that they are written in some scripting language of their own. That would certainly be more secure, but decorators were written with the thought that doing anything else would be seriously delaying R1’s release.
I suppose it could be possible to do something like a compatibility layer to load decorators from R5 or Zeta, but it would be far simpler just to write the individual decorator - they’re very easy to write if you’ve got the sources from another one. At the moment, the ones in the tree are horribly out of date and broken. Once the server’s settled down pretty well I will more than likely be writing more than a couple decorators and unbreaking the existing ones. Back in the server prototype days, I wrote both each of both the Windows and Mac decorators in an evening.
Sweetness.
I suppose this is the wrong place to ask about what types of ideas are in storage for security in R2.
The Zeta decors look like they are stored in the attributes of a single file, with nothing in the actual file, but I haven’t examined the attributes yet.
Sweet.
–Walter Huf–
I think Zeta decors use LUA for language, which if I remember correctly is used by World of Warcraft as well 