Bitfrost and dual-boot
Jameson "Chema" Quinn
jquinn at cs.oberlin.edu
Thu May 29 16:58:07 EDT 2008
> if you run everything as user olpc and user olpc can become root without a
> password, getting olpc is as good as getting root.
An arbitrary process running as user olpc should not be able to get root. My
impression is that it cannot, currently; am I wrong?
>
> not to mention the fact that you would need to audit every program to see
> what it will do with the data you feed it (if anything reads something from
> a file and then executes arbatrary commands based on it, you've lost)
>
If it switches to run as another user (or otherwise reduces its own
destructive capabilities) before doing so, not so. This is the principle
that Bitfrost is built on: ways to run untrusted code.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20080529/ca699215/attachment.html>
More information about the Devel
mailing list