[OLPC Security] Please read the spec and the discussion first, thanks. Was: Re: A mom's worries

Adric Net adric at adric.net
Fri Nov 30 00:31:01 EST 2007


Please read the spec, the wiki discussion page, and the previous posts
to this list before trying to discuss perceived flaws in the system
that is being built: http://wiki.laptop.org/go/BitFrost,
http://wiki.laptop.org/go/Talk:Bitfrost, and
http://lists.laptop.org/pipermail/security/, respectively.

Discussions of weaknesses in standard Linux or UNIX systems are not
necessarily applicable to the OLPC Bitfrost platform.  Also, the spec  
is not fully implemented in the software, but the spec makes pretty  
clear what features are intended.

An example:

> But any infected activity gets access to system resources in the same
> way as the "host" user.   Last time I checked, rainbow/service.py
> didn't do anything special to try and really hunt-down any background
> processes created by an activity, so to say that the spam-bot (or any
> other unintended malware-type-thing) dies when the activity gets
> cleaned up is horribly misleading.

Since, as you acknowledge earlier, each Activity is started in its
own UID, then it is trivial to make sure that all processes started by
that user and all of their children die when the Activity is
terminated, e.g. `slay 1003`. So, pointing out that 'weakness' is not
particularly helpful, but submitting a patch that adds that command to  
activity tear-down might be.

Similarly, discussion of spamming is hopefully mitigated by the  
default network rate limiting and CPU usage limiting of the platform.
If you see weaknesses in this plan that are not already discussed,
please share. Or submit patches :)

Adric Net
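
The teardown step suggested in the message above (kill every process owned by the Activity's UID), as an added Python example that is not part of the original message or of Rainbow's code. The function names `pids_owned_by` and `reap_uid` are hypothetical; it assumes a Linux `/proc` and a caller with permission to signal the target UID.

```python
import os
import signal
import time


def pids_owned_by(uid, proc_root="/proc"):
    """Return the PIDs whose /proc/<pid>/status lists `uid` on its Uid: line."""
    pids = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue  # skip non-process entries such as "self"
        try:
            with open(os.path.join(proc_root, name, "status")) as fh:
                for line in fh:
                    if line.startswith("Uid:"):
                        # Fields: real, effective, saved and filesystem UID.
                        if str(uid) in line.split()[1:]:
                            pids.append(int(name))
                        break
        except OSError:
            continue  # process exited mid-scan, or entry is unreadable
    return sorted(pids)


def reap_uid(uid, proc_root="/proc", kill=os.kill, max_passes=20, pause=0.05):
    """SIGKILL everything owned by `uid`, rescanning until nothing is left.

    Returns (killed_pids, survivors). Rescanning catches children that were
    forked between one scan and the kill that follows it.
    """
    if uid == 0:
        raise ValueError("refusing to reap uid 0")
    killed = []
    for _ in range(max_passes):
        pids = pids_owned_by(uid, proc_root)
        if not pids:
            return killed, []
        for pid in pids:
            try:
                kill(pid, signal.SIGKILL)
                killed.append(pid)
            except ProcessLookupError:
                pass  # already gone
        time.sleep(pause)  # let the kernel finish tearing processes down
    return killed, pids_owned_by(uid, proc_root)
```

A non-empty `survivors` list after `max_passes` means something under that UID is still forking faster than it is being killed and the teardown should be treated as failed.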
