[Solar-general] OLPC security model

Sebastian Bassi sbassi at clubdelarazon.org
Thu Mar 1 17:00:54 CET 2007


Here is an article I hadn't seen before:
http://lwn.net/Articles/221052/
It refutes what was said here, that you had to go and log in every day
(by default it is within 21 days, adjustable according to each
country's decision).
Then it talks about how Linux is going to be adapted:

At the Linux level, security will be handled through a set of
privileges assigned to each installed program. Privileges look much
like Linux capabilities, but they are not capabilities; they are a new
layer of protections which will be implemented via some other means.
Some of the expected privileges will include:

    * P_SF_CORE: the ability to modify the core software on the
system. This privilege is normally off, and cannot be enabled without
a special developer key. There is also P_SF_RUN, which allows
modification of the currently-running system software. This privilege
works by way of a copy-on-write filesystem mechanism; software changes
are saved as copies. This mechanism makes it easy to revert the system
to its initial state should the need arise.

    * P_NET: a group of controls on network access. Programs can be
denied access to the net entirely, or they can have any of a wide
range of bandwidth, time-of-day, and destination restrictions applied
to them.

    * P_MIC_CAM: programs can be granted (or denied) the ability to
use the camera and the microphone. There will also be LEDs (not
present on the current test systems) which will illuminate whenever
the camera or microphone is in use. So it should be difficult to use
an OLPC system to spy on its owner.

    * There is a whole set of quotas designed to prevent a program
from using too much processor time, flash space, etc.

In addition, every program will be run in an isolated mode:

A program on the XO starts in a fortified chroot, akin to a BSD jail,
where its visible filesystem root is only its own constrained scratch
space. It normally has no access to system paths such as /proc or
/sys, cannot see other programs on the system or their scratch spaces,
and only the libraries it needs are mapped into its scratch space. It
cannot access user documents directly, but only through the file store
service, explained in the next section.
