[OLPC Security] Application bundles and delegation
xuan wu
wuxuan.ecios at gmail.com
Fri Feb 9 05:52:41 EST 2007
2007/2/9, Ivan Krstić <krstic at solarsail.hcs.harvard.edu>:
>
> Hi Ping,
>
> Ka-Ping Yee wrote:
> > I felt very encouraged upon reading the Bitfrost specification today.
> > Congratulations on what you've accomplished so far. It makes me very
> > glad to see the up-front acknowledgement, in your introduction, of the
> > key problem in security -- the wholesale granting of authority that
> > happens when applications "run as" users.
>
What'll happen if every application actually run as users? What if each of
them is given a user account and a password, and has it's own HOME, just
like the human user? In that case, each of them has different security
permissions on all the files, including the other applications', and also
the "real" users'.
Every application minds his/her own territory, and the other
applications/users can only access to the files if they have the permission.
Maybe I didn't make it clear last time as below?
http://mailman.laptop.org/pipermail/security/2007-February/000064.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.laptop.org/pipermail/security/attachments/20070209/b679be81/attachment-0001.html
More information about the Security
mailing list