administrative security

Chris Ball cjb at
Sun Jan 11 23:32:03 EST 2009

Hi Carlos,

   > Anyway, default installation of XO OS gives easy access to admin
   > controls. This just a G1G1 thing, or is this something that's
   > disabled by default?

We intentionally give admin controls to children; we are trying to
encourage them to explore, create, and solve problems with their
machines.  If they break something, the school can keep a USB key
available for quick reflashes via holding down all four game keys,
or the student can hold down the O key to boot into their previous
build from olpc-update.  I hope we will soon have a key to hold
down at boot that restores you to the root filesystem as it was
before your modifications, too, as an "undo button".

The children do not, in fact, regularly get malware, hacked, or stop
their machine from booting through installing unauthorized software,
so I don't think this is a large problem -- certainly not one worth
crippling the machines from being able to install new software for.
The "undo button" functionality or olpc-update's "boot into previous
build" are sufficient to mitigate the sort of problems you're thinking
of, though.

Personally, I'd encourage deployments to continue to give root access
to their children:  there are other laptops that are designed to be
locked-down and restricted, but this one is not one of them, and the
combination of totally open-source software and restrictions on
installing or modifying software do not mix well together.


- Chris.
Chris Ball   <cjb at>

More information about the Devel mailing list