On Jan 11, 2008, at 9:16 AM, Schmidt András wrote:
I assume that sudo prevents the hardware from being bricked accidentally by the user or by a userspace program. What I wanted to mean is that protecting the user's data is more important than protecting the device itself.

Sudo takes away security - it doesn't add security. If you fail to protect the device, then by extension you have also failed to protect the user's data. So you need to do both.

Bitfrost works by separating privileges at a finer granularity than per-user. Instead, it's per-app. So typically an app that can make arbitrary network connections doesn't have access to user data, and vice versa. All apps run in sandboxes, and communicate via d-bus.

The notion is that security compromises generally come through applications that are suborned. So if you know in advance what the application should normally be able to do, and only let it do that, then when it's suborned by an attacker, the attacker doesn't gain anything, because they've only gained access to the sandbox, not the whole machine.

The security model is very well-thought out, and would work well on a phone - it's intended to protect a non-computer-literate child from malicious attack, and so the level of security-awareness of the user is similar to what you'd expect from the average mobile phone user.
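A constructed model of the per-application privilege separation this reply describes, added here as an illustration and not code from Bitfrost, OLPC or OpenMoko. The permission names, the manifest shape and the rule that network access and user-data access are not granted together are assumptions made for the example.

```python
# Constructed model of per-app privilege separation (illustration only; not
# Bitfrost's or OpenMoko's own code). Permission names and the network /
# user-data exclusion rule are assumptions for this example.
from dataclasses import dataclass, field

NETWORK = "network"        # may open arbitrary network connections
USER_DATA = "user_data"    # may read the user's documents
PERMISSIONS = {NETWORK, USER_DATA}


class PolicyError(ValueError):
    pass


@dataclass(frozen=True)
class Manifest:
    """Capabilities an application declares before it is launched."""
    app: str
    grants: frozenset = field(default_factory=frozenset)


def validate_manifest(m: Manifest) -> Manifest:
    """Reject unknown permissions and the network + user-data combination."""
    unknown = m.grants - PERMISSIONS
    if unknown:
        raise PolicyError(f"{m.app}: unknown permission(s) {sorted(unknown)}")
    if {NETWORK, USER_DATA} <= m.grants:
        raise PolicyError(f"{m.app}: may not hold both {NETWORK} and {USER_DATA}")
    return m


def manifest_is_valid(m: Manifest) -> bool:
    try:
        validate_manifest(m)
        return True
    except PolicyError:
        return False


def check_access(m: Manifest, action: str) -> bool:
    """Sandbox decision: allowed only if declared in advance. A process that is
    compromised at runtime cannot widen this set from inside the sandbox."""
    return action in m.grants


def simulate_compromise(m: Manifest, attempted: list) -> dict:
    """What a suborned app could actually do, per attempted action."""
    return {a: check_access(m, a) for a in attempted}


if __name__ == "__main__":
    browser = validate_manifest(Manifest("browser", frozenset({NETWORK})))
    print(simulate_compromise(browser, [NETWORK, USER_DATA]))
    # -> {'network': True, 'user_data': False}
```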


_______________________________________________
OpenMoko community mailing list
[email protected]
http://lists.openmoko.org/mailman/listinfo/community