[OLPC Security] Bitfrost and dual-boot

Bert Freudenberg bert at freudenbergs.de
Fri May 30 10:20:50 EDT 2008


On 30.05.2008, at 07:33, david at lang.hm wrote:

> On Thu, 29 May 2008, C. Scott Ananian wrote:
>
>> On Thu, May 29, 2008 at 6:03 PM, Michael Stone <michael at laptop.org> wrote:
>>> On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote:
>>>> On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
>>>> In recent builds, any process running as user OLPC can execute code as
>>>> uid 0 via the setuid-0 user-olpc-executable /usr/bin/sudo.
>>>
>>> A small correction: in recent builds, /bin/su is 04550 root/wheel, user
>>> olpc is a member of wheel, and /usr/bin/sudo is a thin wrapper around
>>> /bin/su.
>>
>> And to elaborate: the idea is that untrusted code should not be
>> running as the 'olpc' user: 'olpc' is a trusted account.  Activities
>> run/should be running as their own unique UUIDs, which are isolated
>> from the olpc account.
>
> so a python program written by the owner of the laptop won't run as user
> olpc?
>
> what if they write it in the terminal activity using vi?


It does not matter how you write the program, but how you run it. If  
you invoke a python script from the terminal, it runs as user olpc. If  
you run it from a root shell, it is root. If it is an activity, it  
runs with a freshly created user id (and a per-activity group id). See  
~olpc/isolation ... Only some trusted activities run as user olpc  
(Journal, Terminal, a few more I believe).

- Bert -
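
The permission model discussed in this thread, as an added example that is not part of the original messages or of OLPC's code: it applies the POSIX owner/group/other class selection to a 04550 root/wheel /bin/su and shows which identities may execute it. The numeric uids and gids (wheel=10, olpc=500, activity=10001) are constructed for illustration.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    name: str
    uid: int
    gid: int
    groups: frozenset = frozenset()   # supplementary group ids

@dataclass(frozen=True)
class FileMeta:
    path: str
    mode: int
    uid: int
    gid: int

def may_execute(p, f):
    """POSIX check: exactly one class (owner, group, other) is consulted."""
    if p.uid == 0:
        return bool(f.mode & 0o111)          # root needs any execute bit
    if p.uid == f.uid:
        return bool(f.mode & stat.S_IXUSR)
    if f.gid == p.gid or f.gid in p.groups:
        return bool(f.mode & stat.S_IXGRP)   # group class masks "other"
    return bool(f.mode & stat.S_IXOTH)

def setuid_root_reachable(p, f):
    """True if p may exec f and f would then run with effective uid 0."""
    return bool(f.mode & stat.S_ISUID) and f.uid == 0 and may_execute(p, f)

def audit(procs, files):
    return {(p.name, f.path): setuid_root_reachable(p, f)
            for p in procs for f in files}

# Constructed identities; only the mode and owner/group come from the thread.
WHEEL = 10
SU = FileMeta("/bin/su", 0o4550, uid=0, gid=WHEEL)
OLPC = Proc("olpc", uid=500, gid=500, groups=frozenset({WHEEL}))
ACTIVITY = Proc("activity", uid=10001, gid=10001)  # fresh per-activity uid/gid

if __name__ == "__main__":
    for (who, path), ok in audit([OLPC, ACTIVITY], [SU]).items():
        verdict = "may" if ok else "may not"
        print(f"{who:10} {verdict} execute setuid-root {path}")
```

On a live system the same check can be fed from os.stat() and the process's real group list instead of the constructed values.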




