[OLPC Security] SuperUser permission for the Driver??

Deepak Saxena dsaxena at laptop.org
Thu Jun 26 11:16:27 EDT 2008


On Jun 25 2008, at 14:01, Carl-Daniel Hailfinger was caught saying:
> On 25.06.2008 08:07, Michael Stone wrote:
> > We have an activity that wants superuser privilege in order to poke
> > kernel memory.
> >   
> 
> Hello? Please take the poor activity out back and shoot it. No activity
> has any business poking kernel memory.

What if I replace Michael's statement with some specific use cases:

- An activity requires a specific device driver module to be (un)loaded
  to properly function and loading this driver requires su privilege.

or:

- An activity requires a device to switch operation modes and that 
  operation mode is configured via a sysfs file. The file is poked
  by a library API, but it requires su privilege to do so.

I agree with Paul that we need to have a solution to these
cases iff we want to support running arbitrary software and
hw combinations on the XO. The other option is to limit the
scope of the system to a very specific set of sw and hw,
treating the XO as embedded education appliance instead of 
a general-purpose laptop device, which I don't think
we want to do.

I don't have any immediate answers to any of Michael's questions
but I think looking at how the standard ditros deal with this
would be a starting point.

~Deepak

-- 
Deepak Saxena <dsaxena at laptop.org>


More information about the Security mailing list