[OLPC Security] Bitfrost vs. Rainbow

Jameson "Chema" Quinn jquinn at cs.oberlin.edu
Mon Mar 31 23:48:50 EDT 2008


A good place to start: http://wiki.laptop.org/go/Bitfrost#Current_Status

In particular, the Rainbow implementation has no chroot/vserver that I know
of; it is all PIDs and file permissions.

On Mon, Mar 31, 2008 at 7:12 PM, Toby Murray <toby.murray at comlab.ox.ac.uk>
wrote:

> Hi,
>
> I'm writing to enquire about the differences (if any) between the
> Bitfrost ideals and the Rainbow implementation.
>
> In particular, the original Bitfrost documentation (e.g. [1]) suggests
> that it would be implemented using the VServer to control filesystem
> visibility etc.
>
> However, a quick look at relevant Rainbow docs (specifically [2])
> indicates that Rainbow might be implemented using only the standard Linux
> DAC mechanisms -- essentially, very similar to the Polaris design[3].
>
> Some more specific questions:
>
>  - Does Rainbow use chroot?
>  - If so, how do its filesystem protections go beyond what Plash [4]
> offers?
>  - In particular, Plash has some (or is close to providing) support for
> copy-on-write access, which is hinted at in [2].
>
> Any info would be great.
>
> Finally, were one interested in hacking on Rainbow, what is an ideal
> development environment for doing so? (Particularly for someone without
> access to an XO).
>
> Many thanks,
>
> and cheers to all of those involved here. OLPC, and its security
> model/architecture, are nothing if not the most successful vehicle by
> which "least authority" has been sold to an otherwise apathetic
> audience. Kudos.
>
> Toby
>
> [1] http://cups.cs.cmu.edu/soups/2007/proceedings/p132_krstic.pdf
> [2] http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow.txt;hb=HEAD
> [3] http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html
> [4] http://plash.beasts.org/wiki/