[OLPC Security] Securing the laptop: DoS

David Woodhouse dwmw2 at infradead.org
Mon Sep 11 10:49:49 EDT 2006


On Mon, 2006-09-11 at 09:54 -0400, Jim Gettys wrote:
> > I'm not sure how JFFS2 would handle the failure of key pages here or  
> > there,

It should deal with it _relatively_ gracefully, although it reduces the
amount of space available and that can become problematic if we end up
without enough space to do any garbage collection.

> > but overwriting the partition table would probably be pretty  
> > bad.

Partition table? What partition table?

> > We've been discussing using some kind of security system so that  
> > even processes running as root cannot do raw writes to the flash.  
> > These brief calculations indicate that this is needed.
>
> Dave can enlighten.

Start with http://david.woodhou.se/jffs2.pdf 

We spoke on IRC earlier about rate-limiting writes, by some criteria yet
to be entirely defined, but something like process groups. That kind of
thing you could probably do with LSM, rather than using hacks within the
VFS or the filesystem itself.

> JFFS2 is clearly our generation 1 file system; not clear what we will
> use for gen 2.

I'd like to see us finish Jörn's logfs. 

-- 
dwmw2


