[OLPC Security] Bitfrost and dual-boot
C. Scott Ananian
cscott at laptop.org
Fri May 30 13:21:32 EDT 2008
On 5/30/08, david at lang.hm <david at lang.hm> wrote:
> On Thu, 29 May 2008, C. Scott Ananian wrote:
> > And to elaborate: the idea is that untrusted code should not be
> > running as the 'olpc' user: 'olpc' is a trusted account. Activities
> > run/should be running as their own unique UUIDs, which are isolated
> > from the olpc account.
> >
>
> so a python program written by the owner of the laptop won't run as user
> olpc?
A Pippy program will in general not run as 'olpc'.
> what if they write it in the terminal activity using vi?
When you log in to the terminal you are running as olpc. You are a
trusted user. You can clearly write code and run it as yourself
(olpc), if you like. We would like to think that eventually you will
prefer to use Bitfrost-like capabilities (even on non-Sugar linux
platforms) to run your code by default as another user, just as best
practice says you shouldn't run most code you write as root.
--scott
--
( http://cscott.net/ )
More information about the Devel
mailing list