[OLPC Security] Thoughts on bitfrost capabilities, enforcement, and ACLs
Michael Stone
michael at laptop.org
Tue Nov 6 13:29:26 EST 2007
On Tue, Nov 06, 2007 at 12:33:43PM -0500, Marcus Leech wrote:
> The problem with the "time based" requirement is that enforcing it is
> really tricky. You could have the rainbow daemon keep track
> of timeouts, and change permissions on objects. But that doesn't
> affect a process that already has an open file-handle on that object,
> only new attempts to open the object. Now, you could force the apps
> to go through an abstraction layer that does all of this,
> but that doesn't protect you against malicious code that does "raw" OS
> calls, etc.
Dave Woodhouse suggested, and I concur, that the most straightforward
way to deal with this [should we choose to do so] is to add some
device-specific ioctls() that Rainbow can use to turn the device on and
off per-uid.
Michael
More information about the Security
mailing list