> if you run everything as user olpc and user olpc can become root without a
> password, getting olpc is as good as getting root.

An arbitrary process running as user olpc should not be able to get root. My impression is that it cannot, currently; am I wrong?

> not to mention the fact that you would need to audit every program to see
> what it will do with the data you feed it (if anything reads something from
> a file and then executes arbitrary commands based on it, you've lost)

If it switches to run as another user (or otherwise reduces its own destructive capabilities) before doing so, not so. This is the principle that Bitfrost is built on: ways to run untrusted code.
_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
