[OLPC Security] Bitfrost and dual-boot

Michael Stone michael at laptop.org
Thu May 29 17:53:49 EDT 2008


On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
> > if you run everything as user olpc and user olpc can become root without a
> > password, getting olpc is as good as getting root.
> 
> An arbitrary process running as user olpc should not be able to get root. My
> impression is that it cannot, currently; am I wrong?

In recent builds, any process running as user OLPC can execute code as
uid 0 via the setuid-0 user-olpc-executable /usr/bin/sudo.

The security strategy underlying this (which no one is executing since
I'm off making releases) is to push system code (pieces of the sugar
shell, the telepathy connection managers, etc.) into their own UIDs.

Comments?

Michael

P.S. - In the future, please remember to CC the security@ list on this
sort of discussion. I'm sure that there are people on that list who
would like to comment but who also have no interest in following the
general development lists.
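An added example, not part of the original message or of OLPC's code: a mode-bit audit that lists which setuid-0 files a given account can execute, the property the message describes for /usr/bin/sudo. The uid/gid values and all function names are constructed for illustration; ACLs, nosuid mounts and directory search permission are not modelled.

```python
import os
import stat
from typing import Iterable, Iterator, NamedTuple


class Cred(NamedTuple):
    uid: int
    gids: frozenset  # primary plus supplementary group ids


def can_execute(mode: int, owner_uid: int, owner_gid: int, cred: Cred) -> bool:
    """POSIX mode-bit check: exactly one class (owner, group, other) applies."""
    if cred.uid == 0:
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if cred.uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in cred.gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def runs_as_root_for(mode: int, owner_uid: int, owner_gid: int, cred: Cred) -> bool:
    """True if cred can exec this file and it will run with effective uid 0."""
    return (stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)
            and owner_uid == 0 and can_execute(mode, owner_uid, owner_gid, cred))


def audit(paths: Iterable[str], cred: Cred) -> Iterator[str]:
    """Yield paths that are setuid-0 and executable by cred.

    Mode bits only: ACLs, nosuid mounts and parent-directory search
    permission are not considered.
    """
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: do not follow symlinks
        except OSError:
            continue
        if runs_as_root_for(st.st_mode, st.st_uid, st.st_gid, cred):
            yield path


if __name__ == "__main__":
    olpc = Cred(uid=500, gids=frozenset({500}))  # constructed ids, an assumption
    bindir = "/usr/bin"
    for hit in audit((os.path.join(bindir, n) for n in os.listdir(bindir)), olpc):
        print(hit)
```

A hit only means the file runs with effective uid 0 when that account executes it; what the program then permits is its own policy, which for sudo lives in sudoers.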

