[OLPC Security] Bitfrost and dual-boot
Bert Freudenberg
bert at freudenbergs.de
Fri May 30 10:20:50 EDT 2008
On 30.05.2008, at 07:33, david at lang.hm wrote:
> On Thu, 29 May 2008, C. Scott Ananian wrote:
>
>> On Thu, May 29, 2008 at 6:03 PM, Michael Stone <michael at laptop.org>
>> wrote:
>>> On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote:
>>>> On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn
>>>> wrote:
>>>> In recent builds, any process running as user OLPC can execute
>>>> code as
>>>> uid 0 via the setuid-0 user-olpc-executable /usr/bin/sudo.
>>>
>>> A small correction: in recent builds, /bin/su is 04550 root/wheel,
>>> user
>>> olpc is a member of wheel, and /usr/bin/sudo is a thin wrapper
>>> around
>>> /bin/su.
>>
>> And to elaborate: the idea is that untrusted code should not be
>> running as the 'olpc' user: 'olpc' is a trusted account. Activities
>> run/should be running as their own unique UUIDs, which are isolated
>> from the olpc account.
>
> so a python program written by the owner of the laptop won't run as
> user
> olpc?
>
> what if they write it in the terminal activity using vi?
It does not matter how you write the program, but how you run it. If
you invoke a python script from the terminal, it runs as user olpc. If
you run it from a root shell, it is root. If it is an activity, it
runs with a freshly created user id (and a per-activity group id). See
~olpc/isolation ... Only some trusted activities run as user olpc
(Journal, Terminal, a few more I believe).
- Bert -
More information about the Devel
mailing list