On Thursday, 27.05.2010, 22:22 +0500, Shaz wrote:
> I am working on some security features of SHR based on the linux
> kernel and some middleware like Dbus. Some developers on the list
> suggested to fix prevention of everything being root. I want to work
> on the security features of SHR and need your guidance.
>
> Secure/authenticated boot is also on my agenda and I (and another
> colleague) have already got selinux in working condition on SHR and
> now learning bitbake recipes to contribute this work to the community.
>
> Please suggest some guidelines especially on preventing everything to be root.

I think I commented on that on the openmoko mailing list previously, but anyways. A holistic approach is necessary for that. I'd do it like that:

* Create a 'phone' user that has enough capabilities so that the FSO2 daemons can run.
* You may have to fix the kernel to provide sysfs access to non-privileged users.
* Fix X to be able to run as non-root.
* Come up with a tight configuration for dbus communication privileges.
* Bring your fixes in OE.

This doesn't cover booting and SElinux, but it would already improve the present situation a lot.

--
:M:
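
As an added illustration of the "tight configuration for dbus communication privileges" item (not part of the original message and not SHR or FSO configuration), a system-bus policy file might look like the following. The bus name `org.example.phoned`, the interface `org.example.Phone.Call` and the group `phone-clients` are placeholders; only the `phone` user comes from the message above.

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!--
  Weak form this replaces (any local process may own the name and call it):
    <policy context="default">
      <allow own="org.example.phoned"/>
      <allow send_destination="org.example.phoned"/>
    </policy>
-->
<busconfig>
  <!-- Baseline for every connection: the daemon's name can neither be
       claimed nor be sent to. -->
  <policy context="default">
    <deny own="org.example.phoned"/>
    <deny send_destination="org.example.phoned"/>
  </policy>

  <!-- Clients in the placeholder group may reach exactly one interface,
       plus introspection. Group policies are applied after the default
       context, so these allows override the denies above. -->
  <policy group="phone-clients">
    <allow send_destination="org.example.phoned"
           send_interface="org.example.Phone.Call"/>
    <allow send_destination="org.example.phoned"
           send_interface="org.freedesktop.DBus.Introspectable"/>
  </policy>

  <!-- Only the unprivileged 'phone' user may own the well-known name,
       so the daemon no longer has to run as root to claim it. User
       policies are applied after group policies. -->
  <policy user="phone">
    <allow own="org.example.phoned"/>
  </policy>
</busconfig>
```

Files of this kind are normally placed in the bus daemon's `system.d` directory, one per service, so each daemon's policy can be reviewed on its own.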
