nail down trusted Teliva channels a little more
In each session, Teliva has to bootstrap a trusted channel with the computer owner while running arbitrarily untrusted code. So let's get really, really precise about what the trusted channel consists of: - the bottom-most row of screen containing the menu - the keystrokes the owner types in - ncurses COLOR_PAIR slots 254 (menu) and 255 (error) One reason the menu colors are important: we don't want people to get used to apps that hide the menu colors by setting default foreground/background to invisible and then drawing their own menu one row up. The error COLOR_PAIR I don't see any reason to carve out right now, but it seems like a good idea for Teliva the framework to not get into the habit of apps doing some things for it. I'm not sure how realistic all this is (I feel quite ill-equipped to think about security), but it seems worthwhile to err on the side of paranoia. Teliva will be paranoid so people don't have to be.
parent
609730071e
commit
41bf615f43
|
@ -186,7 +186,6 @@
|
|||
> curses.init_pair(13, 7, 5)
|
||||
> curses.init_pair(14, 7, 6)
|
||||
> curses.init_pair(15, -1, 15)
|
||||
> curses.init_pair(255, 15, 1) -- reserved for Teliva error messages
|
||||
>end
|
||||
- main:
|
||||
>function main()
|
||||
|
|
|
@ -198,7 +198,6 @@
|
|||
> curses.init_pair(6, dark_piece, light_last_moved_square)
|
||||
> curses.init_pair(7, light_piece, dark_last_moved_square)
|
||||
> curses.init_pair(8, dark_piece, dark_last_moved_square)
|
||||
> curses.init_pair(255, 15, 1) -- reserved for Teliva error messages
|
||||
>end
|
||||
- __teliva_timestamp: original
|
||||
main:
|
||||
|
|
|
@ -52,7 +52,6 @@
|
|||
> for i=1,7 do
|
||||
> curses.init_pair(i, 0, i)
|
||||
> end
|
||||
> curses.init_pair(255, 15, 1) -- reserved for Teliva error messages
|
||||
>
|
||||
> while true do
|
||||
> render(window)
|
||||
|
|
|
@ -84,7 +84,6 @@
|
|||
> curses.init_pair(i, 0, i)
|
||||
> end
|
||||
> curses.init_pair(15, 0, 250) -- tower frames
|
||||
> curses.init_pair(255, 15, 1) -- reserved for Teliva error messages
|
||||
>
|
||||
> while true do
|
||||
> render(window)
|
||||
|
|
1
life.tlv
1
life.tlv
|
@ -234,7 +234,6 @@
|
|||
- __teliva_timestamp: original
|
||||
main:
|
||||
>function main()
|
||||
> curses.init_pair(255, 15, 1) -- reserved for Teliva error messages
|
||||
> curses.init_pair(1, 22, 189)
|
||||
>
|
||||
> -- initialize grid based on commandline args
|
||||
|
|
|
@ -309,12 +309,12 @@ Refresh the window terminal display from the virtual screen.
|
|||
@see curses.doupdate
|
||||
@see noutrefresh
|
||||
*/
|
||||
extern void draw_menu (lua_State *L);
|
||||
extern void render_trusted_teliva_data (lua_State *L);
|
||||
static int
|
||||
Wrefresh(lua_State *L)
|
||||
{
|
||||
int result = wrefresh(checkwin(L, 1));
|
||||
draw_menu(L);
|
||||
render_trusted_teliva_data(L);
|
||||
return pushokresult(result);
|
||||
}
|
||||
|
||||
|
@ -1307,9 +1307,9 @@ static int
|
|||
Wgetch(lua_State *L)
|
||||
{
|
||||
WINDOW *w = checkwin(L, 1);
|
||||
draw_menu(L); /* Apps can draw what they want on screen,
|
||||
* but Teliva's menu is always visible when
|
||||
* asking the user to make a decision. */
|
||||
render_trusted_teliva_data(L); /* Apps can draw what they want on screen,
|
||||
* but Teliva's UI is always visible when
|
||||
* asking the user to make a decision. */
|
||||
int c = wgetch(w);
|
||||
|
||||
if (c == ERR)
|
||||
|
|
|
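Review bot: The trusted repaint is hooked only into `Wrefresh` and `Wgetch` in this file section, so any other binding that flushes output to the terminal would leave pairs 254/255 and the menu row in whatever state the app last set. The doc comment above `Wrefresh` references `curses.doupdate` and `noutrefresh`; whether those paths also call `render_trusted_teliva_data` is not visible here and is worth confirming. If they do not, routing every flush-to-terminal binding through one helper that ends with `render_trusted_teliva_data(L);` would keep the guarantee in one place. `Wgetch`'s body continues outside the hunk.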
@ -1126,6 +1126,11 @@ static int pmain (lua_State *L) {
|
|||
|
||||
|
||||
extern void draw_menu (lua_State *);
|
||||
void render_trusted_teliva_data (lua_State *L) {
|
||||
init_pair(COLOR_PAIR_ERROR, COLOR_ERROR_FOREGROUND, COLOR_ERROR_BACKGROUND);
|
||||
init_pair(COLOR_PAIR_MENU, COLOR_FOREGROUND, COLOR_BACKGROUND);
|
||||
draw_menu(L);
|
||||
}
|
||||
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
|
@ -1145,7 +1150,7 @@ int main (int argc, char **argv) {
|
|||
keypad(stdscr, 1);
|
||||
start_color();
|
||||
assume_default_colors(COLOR_FOREGROUND, COLOR_BACKGROUND);
|
||||
draw_menu(L);
|
||||
render_trusted_teliva_data(L);
|
||||
echo();
|
||||
s.argc = argc;
|
||||
s.argv = argv;
|
||||
|
|
|
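Review bot: `render_trusted_teliva_data` restores pairs 254 and 255 only after the fact and discards both `init_pair` results, so nothing in this section prevents an app from redefining the reserved pairs between repaints or tells Teliva when the restore failed. ncurses returns `ERR` from `init_pair` when the pair number is outside the terminal's `COLOR_PAIRS` range, in which case the menu would be drawn with an undefined pair. I would compare both calls against `ERR` and fall back to attribute-only rendering (the `A_BOLD|A_REVERSE` that `draw_menu` already sets) when either fails. Separately, having the binding behind `curses.init_pair` refuse `COLOR_PAIR_MENU` and `COLOR_PAIR_ERROR` would make the reservation in the enum comment enforced rather than advisory. `main` continues outside the hunk.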
@ -2,6 +2,7 @@
|
|||
#include <string.h>
|
||||
|
||||
#include "lua.h"
|
||||
#include "teliva.h"
|
||||
|
||||
|
||||
int menu_column = 0;
|
||||
|
@ -21,7 +22,7 @@ void draw_menu_item (const char* key, const char* name) {
|
|||
}
|
||||
|
||||
void draw_menu (lua_State *L) {
|
||||
attron(A_BOLD|A_REVERSE);
|
||||
attron(A_BOLD|A_REVERSE|COLOR_PAIR(COLOR_PAIR_MENU));
|
||||
for (int x = 0; x < COLS; ++x)
|
||||
mvaddch(LINES-1, x, ' ');
|
||||
menu_column = 2;
|
||||
|
@ -36,5 +37,5 @@ void draw_menu (lua_State *L) {
|
|||
draw_menu_item(lua_tostring(L, -2), lua_tostring(L, -1));
|
||||
|
||||
lua_pop(L, 1);
|
||||
attroff(A_BOLD|A_REVERSE);
|
||||
attrset(A_NORMAL);
|
||||
}
|
||||
|
|
|
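Review bot: The text placed in the trusted bottom row still comes from `lua_tostring(L, -2)` and `lua_tostring(L, -1)` in `draw_menu`, and both results are passed to `draw_menu_item` unchecked. `lua_tostring` returns NULL for values that are neither strings nor numbers, and if these stack entries come from an app-defined table (not visible in these hunks) the app also decides what the owner reads in the row the commit message calls trusted. I would skip entries where either call returns NULL and bound the label width so app-supplied items cannot crowd out Teliva's own items. A short comment on `attrset(A_NORMAL)` would also help, e.g. `/* drop all attributes so app drawing never inherits the trusted pair */`. The middle of `draw_menu` lies outside the hunks shown.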
@ -112,7 +112,8 @@ enum color_pair {
|
|||
COLOR_PAIR_LUA_KEYWORD = 5,
|
||||
COLOR_PAIR_LUA_CONSTANT = 6,
|
||||
COLOR_PAIR_MATCH = 7,
|
||||
COLOR_PAIR_ERROR = 255,
|
||||
COLOR_PAIR_MENU = 254, // reserved for teliva; apps shouldn't use it
|
||||
COLOR_PAIR_ERROR = 255, // reserved for teliva; apps shouldn't use it
|
||||
};
|
||||
|
||||
#endif
|
||||
|
|