[OLPC Security] Thoughts on bitfrost capabilities, enforcement, and ACLs

Marcus Leech mleech at nortel.com
Tue Nov 6 12:33:43 EST 2007


Ivan Krstić wrote:
>
> The simple first pass solution is to make the devices owned by a group
> ('audio', 'camera') and add activities to the proper group at launch
> time if they possess the requisite permissions.
Yup, that works.  I like that *nix has a number of different ways of
accomplishing most tasks.
>
> I received a lot of pushback from the OLPC security working group on
> the time-based permissions ("you can now use the camera until after 30
> minutes of inactivity"), so it's not entirely clear to me yet whether
> we'll implement it, though if we do, ACLs would be my preferred
> approach. Cheers,
>
The problem with the "time based" requirement is that enforcing it is
really tricky. You could have the rainbow daemon keep track of timeouts,
and change permissions on objects. But that doesn't affect a process that
already has an open file-handle on that object, only new attempts to open
the object. Now, you could force the apps to go through an abstraction
layer that does all of this, but that doesn't protect you against
malicious code that does "raw" OS calls, etc.
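The limit Marcus describes above, shown as an added illustration that is not part of the original message: a descriptor opened before the permission change keeps working after it, while new opens are refused. The file in a temporary directory is a constructed stand-in for a device node such as a camera, and the mode change stands in for what a timeout daemon like rainbow would do; the direct os.open call is the kind of "raw" OS access an abstraction layer cannot intercept.

```python
import os
import tempfile


def demonstrate_open_handle_survives_chmod():
    """Show that revoking a device node's mode bits does not revoke
    access for a process that already holds an open descriptor."""
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed stand-in for a device node (e.g. a camera).
        device = os.path.join(workdir, "fake-camera")
        with open(device, "wb") as f:
            f.write(b"frame-1\n")

        # The activity opens the device while it still has permission.
        # This is a raw open(2); no abstraction layer sits in between.
        held_fd = os.open(device, os.O_RDONLY)

        # Timeout fires: the daemon strips every permission bit.
        os.chmod(device, 0)

        # A fresh open is now refused by ordinary DAC checks
        # (unless we run as root, which bypasses them).
        try:
            probe = os.open(device, os.O_RDONLY)
            os.close(probe)
            new_open_allowed = True
        except PermissionError:
            new_open_allowed = False

        # ...but the descriptor obtained earlier still reads data.
        data = os.read(held_fd, 64)
        os.close(held_fd)

        return {
            "running_as_root": os.geteuid() == 0,
            "new_open_allowed": new_open_allowed,
            "existing_handle_read": data,
        }


if __name__ == "__main__":
    result = demonstrate_open_handle_survives_chmod()
    print(result)
```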

