[OLPC Security] Application bundles and delegation

xuan wu wuxuan.ecios at gmail.com
Fri Feb 9 13:08:11 EST 2007


> There are severe implementation disadvantages to such an approach,

I'd like to dig into this deeper, would you mind shedding some light on it?

> from a non-implementation point of view, it doesn't at all deal with the
> need for user documents to be shared.

Then the applications and other users all just have full permission to the
documents. I wonder if I understand your idea.

> What advantages do you see, as
> compared to what's presently in the specification?

In the "software installation" part,
1. > After installation, the per-program permission list is only modifiable
   > by the user through a graphical interface.
This may cause problems when some program tricks the user into changing the
permission list to access the other programs.
2. > As a final note, programs cryptographically signed by OLPC or the
   > individual countries may bypass the permission request limits, and
   > request any permissions they wish at installation time.
This guarantees too much power and responsibility to OLPC, which I find
unnecessary. The other programs just have their own rights to announce the
access limits to their own files, which means all the programs are fair,
and when one program uses another program, it needs permission, just like the
real user uses the programs. The user may have the right to execute all
files, but some programs which are not supposed to be executed directly by
the user can just put a "non-executable by John" sign on themselves.

Another thing in the spec, the "first boot" part.
1. The identity information is centralized, and the server may cause
insecurity, as there are always some ways to hack into it.
2. With only the photo, SN and id, how can we find the thief or disable
the machine after a boy loses his laptop, when he possibly has no
idea whom to report to except telling his own friends?

How about this? At the first time, the child inputs his name. Then every time
the laptop is turned on ever since, it automatically uses the real name to
log into the p2p net as long as there's another laptop in a range of, say,
1km. In this net, everyone else can see who's online, even if no one's on
the Internet. Then the thief takes risks everywhere as long as there might
be someone else using an XO in this range, because that one may know the name
that logged in, and may know that he has lost his XO.

I always believe in the power of people, especially lots of people who know
each other. Also, I don't like the idea of supervisor of supervisor of
supervisor, and so on. Instead, I'd like to be both a supervisor and
supervised at the same time, fairly.

PS: as English isn't my first language, I'd appreciate it if you point out
anything that causes misunderstanding in my writing.