A good place to start: <a href="http://wiki.laptop.org/go/Bitfrost#Current_Status">http://wiki.laptop.org/go/Bitfrost#Current_Status</a><br><br>In particular, the Rainbow implementation has no chroot/ vserver that I know of, it is all pid's and file permissions.<br>
<br><div class="gmail_quote">On Mon, Mar 31, 2008 at 7:12 PM, Toby Murray <<a href="mailto:toby.murray@comlab.ox.ac.uk">toby.murray@comlab.ox.ac.uk</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br>
<br>
I'm writing to enquire about the differences (if any) between the<br>
Bitfrost ideals and the Rainbow implementation.<br>
<br>
In particular, the original Bitfrost documentation (e.g. [1]) suggests<br>
that it would be implemented using the VServer to control filesystem<br>
visibility etc.<br>
<br>
However, a quick look at relevant Rainbow docs (specifically [2])<br>
indicate that Rainbow might be implemented using only the standard Linux<br>
DAC mechanisms -- essentially, very similar to the Polaris design[3].<br>
<br>
Some more specific questions:<br>
<br>
- Does Rainbow use chroot?<br>
- If so, how does its filesystem protections go beyond what Plash [4]<br>
offers?<br>
- In particular, Plash has some (or is close to providing) support for<br>
copy-on-write access, which is hinted at in [2].<br>
<br>
Any info would be great.<br>
<br>
Finally, were one interested in hacking on Rainbow, what is an ideal<br>
development environment for doing so? (Particularly for someone without<br>
access to an XO).<br>
<br>
Many thanks,<br>
<br>
and cheers to all of those involved here. OLPC, and its security<br>
model/architecture, are nothing if not the most successful vehicle by<br>
which "least authority" has been sold to an otherwise apathetic<br>
audience. Kudos.<br>
<br>
Toby<br>
<br>
[1] <a href="http://cups.cs.cmu.edu/soups/2007/proceedings/p132_krstic.pdf" target="_blank">http://cups.cs.cmu.edu/soups/2007/proceedings/p132_krstic.pdf</a><br>
[2]<br>
<a href="http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow.txt;hb=HEAD" target="_blank">http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow.txt;hb=HEAD</a><br>
[3] <a href="http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html" target="_blank">http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html</a><br>
[4] <a href="http://plash.beasts.org/wiki/" target="_blank">http://plash.beasts.org/wiki/</a><br>
<br>
_______________________________________________<br>
Security mailing list<br>
<a href="mailto:Security@lists.laptop.org">Security@lists.laptop.org</a><br>
<a href="http://lists.laptop.org/listinfo/security" target="_blank">http://lists.laptop.org/listinfo/security</a><br>
</blockquote></div><br>