[OLPC Security] Bitfrost and dual-boot

david at lang.hm david at lang.hm
Fri May 30 01:33:38 EDT 2008


On Thu, 29 May 2008, C. Scott Ananian wrote:

> On Thu, May 29, 2008 at 6:03 PM, Michael Stone <michael at laptop.org> wrote:
>> On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote:
>>> On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
>>> In recent builds, any process running as user OLPC can execute code as
>>> uid 0 via the setuid-0 user-olpc-executable /usr/bin/sudo.
>>
>> A small correction: in recent builds, /bin/su is 04550 root/wheel, user
>> olpc is a member of wheel, and /usr/bin/sudo is a thin wrapper around
>> /bin/su.
>
> And to elaborate: the idea is that untrusted code should not be
> running as the 'olpc' user: 'olpc' is a trusted account.  Activities
> run/should be running as their own unique UUIDs, which are isolated
> from the olpc account.

So a Python program written by the owner of the laptop won't run as user
olpc?

What if they write it in the Terminal activity using vi?

David Lang


