On Thu, 29 May 2008, Jameson "Chema" Quinn wrote: > >> if you run everything as user olpc and user olpc can become root without a >> password, getting olpc is as good as getting root. > > > An arbitrary process running as user olpc should not be able to get root. My > impression is that it cannot, currently; am I wrong?
the terminal activity can, and if it can why can't everything else use the same mechanism? and there's always sudo /bin/sh available >> >> not to mention the fact that you would need to audit every program to see >> what it will do with the data you feed it (if anything reads something from >> a file and then executes arbatrary commands based on it, you've lost) >> > > If it switches to run as another user (or otherwise reduces its own > destructive capabilities) before doing so, not so. This is the principle > that Bitfrost is built on: ways to run untrusted code. > _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
