Hi, I'm writing to enquire about the differences (if any) between the Bitfrost ideals and the Rainbow implementation.

In particular, the original Bitfrost documentation (e.g. [1]) suggests that it would be implemented using the VServer to control filesystem visibility etc. However, a quick look at relevant Rainbow docs (specifically [2]) indicates that Rainbow might be implemented using only the standard Linux DAC mechanisms -- essentially, very similar to the Polaris design [3].

Some more specific questions:

- Does Rainbow use chroot?
- If so, how do its filesystem protections go beyond what Plash [4] offers?
- In particular, Plash has some (or is close to providing) support for copy-on-write access, which is hinted at in [2].

Any info would be great.

Finally, were one interested in hacking on Rainbow, what is an ideal development environment for doing so? (Particularly for someone without access to an XO).

Many thanks, and cheers to all of those involved here. OLPC, and its security model/architecture, are nothing if not the most successful vehicle by which "least authority" has been sold to an otherwise apathetic audience. Kudos.

Toby

[1] http://cups.cs.cmu.edu/soups/2007/proceedings/p132_krstic.pdf
[2] http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow.txt;hb=HEAD
[3] http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html
[4] http://plash.beasts.org/wiki/

_______________________________________________
Security mailing list
[email protected]
http://lists.laptop.org/listinfo/security

