On 30.05.2008, at 07:33, [EMAIL PROTECTED] wrote: > On Thu, 29 May 2008, C. Scott Ananian wrote: > >> On Thu, May 29, 2008 at 6:03 PM, Michael Stone <[EMAIL PROTECTED]> >> wrote: >>> On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote: >>>> On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn >>>> wrote: >>>> In recent builds, any process running as user OLPC can execute >>>> code as >>>> uid 0 via the setuid-0 user-olpc-executable /usr/bin/sudo. >>> >>> A small correction: in recent builds, /bin/su is 04550 root/wheel, >>> user >>> olpc is a member of wheel, and /usr/bin/sudo is a thin wrapper >>> around >>> /bin/su. >> >> And to elaborate: the idea is that untrusted code should not be >> running as the 'olpc' user: 'olpc' is a trusted account. Activities >> run/should be running as their own unique UUIDs, which are isolated >> from the olpc account. > > so a python program written by the owner of the laptop won't run as > user > olpc? > > what if they write it in the terminal activity using vi?
It does not matter how you write the program, but how you run it. If you invoke a python script from the terminal, it runs as user olpc. If you run it from a root shell, it is root. If it is an activity, it runs with a freshly created user id (and a per-activity group id). See ~olpc/isolation ... Only some trusted activities run as user olpc (Journal, Terminal, a few more I believe). - Bert - _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel