[OLPC Security] SuperUser permission for the Driver??
Deepak Saxena
dsaxena at laptop.org
Thu Jun 26 11:16:27 EDT 2008
On Jun 25 2008, at 14:01, Carl-Daniel Hailfinger was caught saying:
> On 25.06.2008 08:07, Michael Stone wrote:
> > We have an activity that wants superuser privilege in order to poke
> > kernel memory.
> >
>
> Hello? Please take the poor activity out back and shoot it. No activity
> has any business poking kernel memory.
What if I replace Michael's statement with some specific use cases:
- An activity requires a specific device driver module to be (un)loaded
to properly function and loading this driver requires su privilege.
or:
- An activity requires a device to switch operation modes and that
operation mode is configured via a sysfs file. The file is poked
by a library API, but it requires su privilege to do so.
I agree with Paul that we need to have a solution to these
cases iff we want to support running arbitrary software and
hw combinations on the XO. The other option is to limit the
scope of the system to a very specific set of sw and hw,
treating the XO as embedded education appliance instead of
a general-purpose laptop device, which I don't think
we want to do.
I don't have any immediate answers to any of Michael's questions
but I think looking at how the standard ditros deal with this
would be a starting point.
~Deepak
--
Deepak Saxena <dsaxena at laptop.org>
More information about the Security
mailing list