A good place to start: http://wiki.laptop.org/go/Bitfrost#Current_Status
In particular, the Rainbow implementation has no chroot/ vserver that I know of, it is all pid's and file permissions. On Mon, Mar 31, 2008 at 7:12 PM, Toby Murray <[EMAIL PROTECTED]> wrote: > Hi, > > I'm writing to enquire about the differences (if any) between the > Bitfrost ideals and the Rainbow implementation. > > In particular, the original Bitfrost documentation (e.g. [1]) suggests > that it would be implemented using the VServer to control filesystem > visibility etc. > > However, a quick look at relevant Rainbow docs (specifically [2]) > indicate that Rainbow might be implemented using only the standard Linux > DAC mechanisms -- essentially, very similar to the Polaris design[3]. > > Some more specific questions: > > - Does Rainbow use chroot? > - If so, how does its filesystem protections go beyond what Plash [4] > offers? > - In particular, Plash has some (or is close to providing) support for > copy-on-write access, which is hinted at in [2]. > > Any info would be great. > > Finally, were one interested in hacking on Rainbow, what is an ideal > development environment for doing so? (Particularly for someone without > access to an XO). > > Many thanks, > > and cheers to all of those involved here. OLPC, and its security > model/architecture, are nothing if not the most successful vehicle by > which "least authority" has been sold to an otherwise apathetic > audience. Kudos. > > Toby > > [1] http://cups.cs.cmu.edu/soups/2007/proceedings/p132_krstic.pdf > [2] > > http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow.txt;hb=HEAD > [3] http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html > [4] http://plash.beasts.org/wiki/ > > _______________________________________________ > Security mailing list > [email protected] > http://lists.laptop.org/listinfo/security >
_______________________________________________ Security mailing list [email protected] http://lists.laptop.org/listinfo/security
