[OLPC Security] Thoughts on bitfrost capabilities, enforcement, and ACLs

Michael Stone michael at laptop.org
Tue Nov 6 13:29:26 EST 2007


On Tue, Nov 06, 2007 at 12:33:43PM -0500, Marcus Leech wrote:
> The problem with the "time based" requirement is that enforcing it is
> really tricky. You could have the rainbow daemon keep track
> of timeouts, and change permissions on objects. But that doesn't
> affect a process that already has an open file-handle on that object,
> only new attempts to open the object. Now, you could force the apps
> to go through an abstraction layer that does all of this,
> but that doesn't protect you against malicious code that does "raw" OS
> calls, etc.

Dave Woodhouse suggested, and I concur, that the most straightforward
way to deal with this [should we choose to do so] is to add some
device-specific ioctls() that Rainbow can use to turn the device on and
off per-uid.

Michael
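The point Marcus makes above, that changing permission bits on an object does not reach a process that already holds an open descriptor, demonstrated as an added example (not code from this thread or from Rainbow). It assumes a POSIX system and uses an ordinary file as a stand-in for the device node; the ioctl-based revocation Dave and Michael propose is exactly the kernel-side hook this user-space approach lacks.

```python
import os
import tempfile


def revocation_demo():
    """Simulate a "timeout" enforced by chmod and report what it actually revokes.

    Returns a dict so the outcome can be inspected:
      existing_fd_still_reads - the descriptor opened before the chmod still works
      new_open_allowed        - a fresh open() after the chmod succeeds
      is_root                 - root bypasses mode bits, so new_open_allowed is
                                only meaningful for an unprivileged caller
    """
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed stand-in for a device node such as the camera or microphone.
        path = os.path.join(workdir, "device-like-object")
        with open(path, "w") as f:
            f.write("sensor data")

        # The application opens the object while it is still permitted to.
        held_fd = os.open(path, os.O_RDONLY)

        # The daemon's timeout fires: it strips every permission bit.
        os.chmod(path, 0)

        # The already-open descriptor is unaffected by the mode change.
        existing_fd_still_reads = os.read(held_fd, 64) == b"sensor data"

        # Only a *new* open is subject to the updated permission check.
        try:
            os.close(os.open(path, os.O_RDONLY))
            new_open_allowed = True
        except PermissionError:
            new_open_allowed = False

        os.close(held_fd)
        return {
            "existing_fd_still_reads": existing_fd_still_reads,
            "new_open_allowed": new_open_allowed,
            "is_root": os.geteuid() == 0,
        }


if __name__ == "__main__":
    print(revocation_demo())
```

Run as an unprivileged user the dict shows the held descriptor still reading while the new open is refused; that gap is what a per-uid kernel-level cutoff closes.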


