From 41bf615f4388076ce6256e694aa18926c08d3775 Mon Sep 17 00:00:00 2001 From: "Kartik K. Agaram" Date: Tue, 21 Dec 2021 15:47:55 -0800 Subject: nail down trusted Teliva channels a little more In each session, Teliva has to bootstrap a trusted channel with the computer owner while running arbitrarily untrusted code. So let's get really, really precise about what the trusted channel consists of: - the bottom-most row of screen containing the menu - the keystrokes the owner types in - ncurses COLOR_PAIR slots 254 (menu) and 255 (error) One reason the menu colors are important: we don't want people to get used to apps that hide the menu colors by setting default foreground/background to invisible and then drawing their own menu one row up. The error COLOR_PAIR I don't see any reason to carve out right now, but it seems like a good idea for Teliva the framework to not get into the habit of apps doing some things for it. I'm not sure how realistic all this is (I feel quite ill-equipped to think about security), but it seems worthwhile to err on the side of paranoia. Teliva will be paranoid so people don't have to be. --- chesstv.tlv | 1 - 1 file changed, 1 deletion(-) (limited to 'chesstv.tlv') diff --git a/chesstv.tlv b/chesstv.tlv index 36b1a7e..91d8d07 100644 --- a/chesstv.tlv +++ b/chesstv.tlv @@ -198,7 +198,6 @@ > curses.init_pair(6, dark_piece, light_last_moved_square) > curses.init_pair(7, light_piece, dark_last_moved_square) > curses.init_pair(8, dark_piece, dark_last_moved_square) - > curses.init_pair(255, 15, 1) -- reserved for Teliva error messages >end - __teliva_timestamp: original main: -- cgit 1.4.1-2-gfad0