[OLPC Security] Bitfrost and dual-boot

C. Scott Ananian cscott at laptop.org
Fri May 30 13:21:32 EDT 2008

On 5/30/08, david at lang.hm <david at lang.hm> wrote:
> On Thu, 29 May 2008, C. Scott Ananian wrote:
> > And to elaborate: the idea is that untrusted code should not be
> > running as the 'olpc' user: 'olpc' is a trusted account.  Activities
> > run/should be running as their own unique UUIDs, which are isolated
> > from the olpc account.
> >
>  so a python program written by the owner of the laptop won't run as user
> olpc?

A Pippy program will in general not run as 'olpc'.

>  what if they write it in the terminal activity using vi?

When you log in to the terminal you are running as olpc.  You are a
trusted user.  You can clearly write code and run it as yourself
(olpc), if you like.  We would like to think that eventually you will
prefer to use Bitfrost-like capabilities (even on non-Sugar linux
platforms) to run your code by default as another user, just as best
practice says you shouldn't run most code you write as root.

                         ( http://cscott.net/ )

More information about the Devel mailing list