[OLPC Security] Securing the laptop: DoS
David Woodhouse
dwmw2 at infradead.org
Mon Sep 11 10:49:49 EDT 2006
On Mon, 2006-09-11 at 09:54 -0400, Jim Gettys wrote:
> > I'm not sure how JFFS2 would handle the failure of key pages here or
> > there,

It should deal with it _relatively_ gracefully, although it reduces the
amount of space available and that can become problematic if we end up
without enough space to do any garbage collection.

> > but overwriting the partition table would probably be pretty
> > bad.

Partition table? What partition table?

> > We've been discussing using some kind of security system so that
> > even processes running as root cannot do raw writes to the flash.
> > These brief calculations indicate that this is needed.
>
> Dave can enlighten.

Start with http://david.woodhou.se/jffs2.pdf

We spoke on IRC earlier about rate-limiting writes, by some criteria yet
to be entirely defined, but something like process groups. That kind of
thing you could probably do with LSM, rather than using hacks within the
VFS or the filesystem itself.

> JFFS2 is clearly our generation 1 file system; not clear what we will
> use for gen 2.

I'd like to see us finish Jörn's logfs.

--
dwmw2