On Wed, Jun 18, 2008 at 6:24 PM, Kevin Dean [EMAIL PROTECTED] wrote:
On Wed, Jun 18, 2008 at 4:26 PM, Knight Walker [EMAIL PROTECTED] wrote:
The root/user separation is the most fundamental part of a security
policy and here is why. Root is by its nature not only unrestricted but
When I think about it, I realize that it is important
that the device is secure to use on a network.
Someday the Openmoko devices will support stuff
like flash, java, java script and much more. When
this device connects to the Internet, and the client
on the device runs as an unprivileged user,
On Mon, 2008-06-16 at 14:41 -0400, Kevin Dean wrote:
You dispute that the user data is the most important part of the
mobile device experience?
No one (that I've seen thus far) is arguing that the user data is not
the most irreplaceable (and to the user, important) part of a mobile
device.
Knight Walker wrote:
Encryption is another matter, and one I will want addressed before too
long. I've got some ideas on how it can be done, but I'll need to see
more of the OM system live before I can begin to decide if my ideas
are feasible or if they need changing.
-KW
Encryption is
On Wed, Jun 18, 2008 at 4:26 PM, Knight Walker [EMAIL PROTECTED] wrote:
The root/user separation is the most fundamental part of a security
policy and here is why. Root is by its nature not only unrestricted but
unrestrictable (I think I just made up a new word). A non-root user can
only
On Sat, Jun 14, 2008 at 01:09:03AM +0200, Flemming Richter Mikkelsen wrote:
What are the engineering reasons for this?
The reason is that the user normally wants to run a lot of root
applications such as rdate, power off, opkg, etc. Of course this should
be solved, but it should not be a
Francesco Albanese wrote:
As I already pointed out, re-establishing the correct privilege
isolation is a fundamental step to enforce security, even though the
phone will have only 1 user. In the future we should have a few root
process, dedicated accounts for daemons and a X session belonging
Kevin Dean wrote:
the om represents a device more powerful than the computer linux was
developed on.
i am not sure i understand you correctly, but for me it sounds like you
saying user/group separation is meaningful for servers only (and only
because physical access can be prevented), for
Kevin Dean wrote:
I understand how and why permission separations exist. :) What I'm
saying is that if we sit back and evaluate how this device is going to
be used in the vast majority of cases, you'll realize that unlike a
desktop or server system, the data that a non-root user can delete is
Kevin Dean wrote:
In the mobile world, there is NOTHING more important than the user's
data. Nothing. And in the mobile world, you can implement root priv
separations till the cows come home, but it doesn't eliminate the fact
that the most vulnerable part of the system is being put at risk
Joerg Reisenweber wrote:
If you have root AND user, root can make a backup copy of user's valuable data
every once in a while, and user or the virus she imported while browsing the
web can NOT destroy this backup.
I can't follow your arguments. It's NOT an evil person we need to fence in,
I don't read through the whole thread (i'm short on time, sorry), but
having users would be part of a good security in depth structure. You
talk about compromising data, but never think of other things. For
example: i have access for some seconds to the phone. running as root,
i change the dns to
On Mon, Jun 16, 2008 at 12:23 PM, Robert Taylor
[EMAIL PROTECTED] wrote:
Kevin Dean wrote:
In the mobile world, there is NOTHING more important than the user's
data. Nothing. And in the mobile world, you can implement root priv
separations till the cows come home, but it doesn't eliminate the
User John running sudo rm -rf /* is better than root running rm -rf
/* because...?
Because sudo can be configured to accept users in certain groups to
run certain commands with or without a password. rm can be
restricted, whereas opkg can be permitted without password.
IMO, running everything
As I already pointed out, re-establishing the correct privilege
isolation is a fundamental step to enforce security, even though the
phone will have only 1 user. In the future we should have a few root
process, dedicated accounts for daemons and a X session belonging to
the user. IMHO it could be
On Sun 15 June 2008, Mikael Lammentausta wrote:
User John running sudo rm -rf /* is better than root running rm -rf
/* because...?
Because sudo can be configured to accept users in certain groups to
run certain commands with or without a password. rm can be
restricted, whereas opkg can
On Sun, 2008-06-15 at 16:39 +0200, Joerg Reisenweber wrote:
YEP, exactly. Really wonder whether ssh is open to GPRS :-o (I had to fire up
GPRS to check, my simcard doesn't allow right now. shame on me :-/ )
For sure it's not a good idea to run the web browser as root.
Last I checked yes. So,
On Sat, Jun 14, 2008 at 4:25 AM, arne anka [EMAIL PROTECTED] wrote:
will tell you that having those kind of permissions systems when the
INTRUDER has physical access to the device is next to pointless.
the om is connected via wlan or bluetooth -- thus allowing hacking into it
(if it is not
Firstly, sorry for the blank reply. Accidentally double clicked and
send is in the same spot. :P
On Sat, Jun 14, 2008 at 4:25 AM, arne anka [EMAIL PROTECTED] wrote:
only opkg is run, not everything possible.
logging in as root opens a world of ways to harm your data, either by
accident or
A lot depends on your network provider. I can't even ping my
FreeRunner on vodafone, for example.
T-Mobile put its first firewall up in 2002:
http://www.theregister.co.uk/2002/11/27/first_hackers_sighted_in_high/
J
2008/6/15 Mikko Rauhala [EMAIL PROTECTED]:
On Sun, 2008-06-15 at 16:39 +0200,
well, let's say we disagree in the classification of the om -- i think
it's a very powerful mobile computer and thus should follow basically the
same idea of security.
the user's data can be backed up and thus restored if compromised or
destroyed.
the system itself may cause severe loss of
If you have root AND user, root can make a backup copy of user's valuable data
every once in a while, and user or the virus she imported while browsing the
web can NOT destroy this backup.
I can't follow your arguments. It's NOT an evil person we need to fence in,
it's bad behaviour of
On Sun, Jun 15, 2008 at 9:15 PM, arne anka [EMAIL PROTECTED] wrote:
well, let's say we disagree in the classification of the om -- i think
it's a very powerful mobile computer and thus should follow basically the
same idea of security.
the user's data can be backed up and thus restored if
Isn't there a targeted SElinux policy being developed as part of GSoC?
On 6/15/08, Joerg Reisenweber [EMAIL PROTECTED] wrote:
If you have root AND user, root can make a backup copy of user's valuable data
every once in a while, and user or the virus she imported while browsing the
web can NOT
On my laptop, I can choose if I want to run SE Linux or not.
I think that the at least one image should run default with a
non-root user and everything in /etc/sudoers. This way,
people can uncomment inside that file and apply the
security they like.
Sounds a lot like looking after a laptop
Sounds a lot like looking after a laptop rather than using a phone.
I've already written about how I like the FreeRunner because it's
*not* a laptop:
basically, yes. but that's probably due to the limited experience. i for
one know palm pda/smartphone and laptop/pc -- according to the spec
On 2008-06-15 21:15:40 +0200, arne anka wrote:
well, let's say we disagree in the classification of the om -- i think
it's a very powerful mobile computer and thus should follow basically the
same idea of security.
the user's data can be backed up and thus restored if compromised or
will tell you that having those kind of permissions systems when the
INTRUDER has physical access to the device is next to pointless.
the om is connected via wlan or bluetooth -- thus allowing hacking into it
(if it is not possible right now it will some day).
thus the user does not
Peter Nijs wrote:
no problems. what i don't want is people to get their hopes up. this was in
the context of people asking if they can play vga video and me going good
luck!. there is reality - and you can sit and hack away spend lots of time
and get 1 case to work, and work well. as i said -
On 6/13/08, Robert Taylor [EMAIL PROTECTED] wrote:
Peter Nijs wrote:
no problems. what i don't want is people to get their hopes up. this was in
the context of people asking if they can play vga video and me going good
luck!. there is reality - and you can sit and hack away spend lots of
On Sat 14 June 2008, Flemming Richter Mikkelsen wrote:
On 6/13/08, Robert Taylor [EMAIL PROTECTED] wrote:
Peter Nijs wrote:
no problems. what i don't want is people to get their hopes up. this was in
the context of people asking if they can play vga video and me going good
luck!.
On Fri, Jun 13, 2008 at 10:10 PM, Joerg Reisenweber [EMAIL PROTECTED] wrote:
My opinion is averse. There's no valid reason to abandon the very simple
concept of users, groups, and permissions, just to have an easy start on
development (fixing apps later on is a PITA). If you don't care from