[OLPC Security] A mom's worries
Adric Net
adric at adric.net
Thu Nov 29 07:58:42 EST 2007
Hi,
I understand your point (about root security), but please review the
BitFrost documentation for a detailed explanation of the unique and
specific guidelines the system is being developed under. eg: http://wiki.laptop.org/go/BitFrost
For one, passwords are considered an advanced feature, to be offered
to users (children, remember) who have advanced far enough in the
computer skills to understand that utility and weakness. Leaving the
system accessible to the children so they can learn is a high priority
for the OLPC system.
For another, at any stage farther down the distribution tree, a
government, a classroom, or perhaps even a parent could easily
institute such a measure as you describe, or as numerous voices have
requested, other software. This does not need to be done at the
distribution level, and in fact your specific request (set a root
password) would probably hamper the sponsoring governments ability to
use the machines. It's a non-starter for this project.
Bitfrost is a pretty darn nifty and quite ambitious plan to use all of
the tools available to ensure the functional and educational goals of
the platform. Once you've read over the draft spec, I'm sure the team
will appreciate your input, particular if you can help them code part
of it :) Malware defense is a big problem and _is_ an important part
of the security plan (eg Rainbow, whitelisted capabilities), but there
are other considerations.
Thanks,
Adric Net
On Nov 29, 2007, at 7:32 AM, Gmail Team wrote:
> isolation (Multics, the various *nix {BSD, Linux, etc, etc], VMS,
> and
> a signficant flotilla of others over
> the last 40 years) have fewer "downstream consequences" to software
> suffering "unintended consequences".
> The problem has been that, until fairly recently, user-friendly
> desktop software like Windows has been designed
> with *very poor* user-to-user isolation, because the original design
> of the operating system was single-user.
>
> The root in the XO doesn't have a password, how can talk about,
> permissions, and all that stuff, it the root, the admin of the whole
> system doesn't has his own passwd ?. Any malware, can affect the
> system simply doing 'su´.
> With just a pwgen ( $ man pwgen ) for the root, you will forget
> about malwares.. but, with out pass, it will be like windows :'(
>
> Kindly Regards
> _______________________________________________
> Security mailing list
> Security at lists.laptop.org
> http://lists.laptop.org/listinfo/security
Adric Net
adric at adric.net
More information about the Security
mailing list