Re: [OLPC Security] SuperUser permission for the Driver??

2008-06-26 Thread Jay Sulzberger


On Thu, 26 Jun 2008, Deepak Saxena wrote:

 On Jun 25 2008, at 14:01, Carl-Daniel Hailfinger was caught saying:
 On 25.06.2008 08:07, Michael Stone wrote:
 We have an activity that wants superuser privilege in order to poke
 kernel memory.


 Hello? Please take the poor activity out back and shoot it. No activity
 has any business poking kernel memory.

 What if I replace Michael's statement with some specific use cases:

 - An activity requires a specific device driver module to be (un)loaded
  to properly function and loading this driver requires su privilege.

 or:

 - An activity requires a device to switch operation modes and that
  operation mode is configured via a sysfs file. The file is poked
  by a library API, but it requires su privilege to do so.

 I agree with Paul that we need to have a solution to these
 cases iff we want to support running arbitrary software and
 hw combinations on the XO. The other option is to limit the
 scope of the system to a very specific set of sw and hw,
 treating the XO as embedded education appliance instead of
 a general-purpose laptop device, which I don't think
 we want to do.

It can be a general purpose laptop.  And we need not surrender
our common sense: if we want the thing to be better, it will have
to be different.  In particular, it cannot have kernel modules
promiscuously loaded and unloaded.  Thus not all software will
run on the laptop.  But that is already the case for the most
widely distributed home systems: a Microsoft program will not run
on GNU/Linux, an Apple program will not run on a Microsoft OS,
etc.


 I don't have any immediate answers to any of Michael's questions
 but I think looking at how the standard distros deal with this
 would be a starting point.

 ~Deepak

The usual free Unices' security apparatus is ludicrously
inadequate.  The XO system should be much better.

oo--JS.



 -- 
 Deepak Saxena [EMAIL PROTECTED]
 ___
 Security mailing list
 [EMAIL PROTECTED]
 http://lists.laptop.org/listinfo/security


___
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel


Re: [OLPC Security] SuperUser permission for the Driver??

2008-06-26 Thread Jay Sulzberger


On Thu, 26 Jun 2008, Benjamin M. Schwartz wrote:

 Deepak Saxena wrote:
 | I agree with Paul that we need to have a solution to these
 | cases iff we want to support running arbitrary software and
 | hw combinations on the XO. The other option is to limit the
 | scope of the system to a very specific set of sw and hw,
 | treating the XO as embedded education appliance instead of
 | a general-purpose laptop device, which I don't think
 | we want to do.

 That is _precisely_ what I want to do.

 OLPC's goal is to distribute XOs to the poorest children in the world.
 That means that in the category of electronics, the great majority will
 have the XO and nothing else.  Peripherals are a rarity, an edge case.

 There is a planned design to allow the user to grant extra privileges to
 different Activities, but those privileges will probably never extend to
 loading arbitrary kernel modules.  I have no problem declaring that anyone
 who is modifying the kernel is a developer, and should therefore get a
 devkey and call modprobe themselves.

 --Ben

Yes.

oo--JS.

