[OLPC Security] Thoughts on bitfrost capabilities, enforcement, and ACLs
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Tue Nov 6 12:08:49 EST 2007
On Nov 6, 2007, at 10:46 AM, Marcus Leech wrote:
> # The alternative is to have activity launch simply change the
> ownership
> # and/or permissions of the relevant device(s) on launch.
The simple first pass solution is to make the devices owned by a
group ('audio', 'camera') and add activities to the proper group at
launch time if they possess the requisite permissions.
I received a lot of pushback from the OLPC security working group on
the time-based permissions ("you can now use the camera until after
30 minutes of inactivity"), so it's not entirely clear to me yet
whether we'll implement it, though if we do, ACLs would be my
preferred approach. Cheers,
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
More information about the Security
mailing list