[OLPC Security] Terminals

Albert Cahalan acahalan at gmail.com
Thu Jul 31 23:47:36 EDT 2008


Michael Stone writes:

> One of our present security difficulties is that the Terminal activity
> is not isolated. It is de-isolated so that it can serve the dual role of
> root terminal and 'general exploration' terminal. Perhaps reviving the
> Quake Terminal for the root-terminal role and isolating the Terminal
> activity proper would be a nice way to solve half of our security issue?

No.

First of all, that would force usage of the root account to get
to the olpc account. There is little reason to want a random
user, but plenty of reason to want both olpc and root.

Second of all, the ability to de-isolate an arbitrary activity
is important. Isolation needs to be under the user's control.
Except to prevent a user from locking himself out by isolating
the de-isolation tool, no activity should be specially known
to Bitfrost or Sugar. Isolation is rightfully a user choice.
It's OK to make isolation easier though, to avoid accidents.

