[Solar-general] OLPC security model
Diego Saravia
dsa at unsa.edu.ar
Fri Mar 2 02:20:56 CET 2007
the fascist dwarf's dream!
2007/3/1, Sebastian Bassi <sbassi at clubdelarazon.org>:
> Here is an article; I had not seen it:
> http://lwn.net/Articles/221052/
> It refutes what was said here, that you had to log in every day
> (by default it is within 21 days, variable according to each
> country's decision).
> Then it discusses how the Linux side will be adapted:
>
> At the Linux level, security will be handled through a set of
> privileges assigned to each installed program. Privileges look much
> like Linux capabilities, but they are not capabilities; they are a new
> layer of protections which will be implemented via some other means.
> Some of the expected privileges will include:
>
> * P_SF_CORE: the ability to modify the core software on the
> system. This privilege is normally off, and cannot be enabled without
> a special developer key. There is also P_SF_RUN, which allows
> modification of the currently-running system software. This privilege
> works by way of a copy-on-write filesystem mechanism; software changes
> are saved as copies. This mechanism makes it easy to revert the system
> to its initial state should the need arise.
>
> * P_NET: a group of controls on network access. Programs can be
> denied access to the net entirely, or they can have any of a wide
> range of bandwidth, time-of-day, and destination restrictions applied
> to them.
>
> * P_MIC_CAM: programs can be granted (or denied) the ability to
> use the camera and the microphone. There will also be LEDs (not
> present on the current test systems) which will illuminate whenever
> the camera or microphone are in use. So it should be difficult to use
> an OLPC system to spy on its owner.
>
> * There is a whole set of quotas designed to prevent a program
> from using too much processor time, flash space, etc.
>
> In addition, every program will be run in an isolated mode:
>
> A program on the XO starts in a fortified chroot, akin to a BSD jail,
> where its visible filesystem root is only its own constrained scratch
> space. It normally has no access to system paths such as /proc or
> /sys, cannot see other programs on the system or their scratch spaces,
> and only the libraries it needs are mapped into its scratch space. It
> cannot access user documents directly, but only through the file store
> service, explained in the next section.
>
> _______________________________________________
> Solar-general mailing list
> Solar-general at lists.ourproject.org
> https://lists.ourproject.org/cgi-bin/mailman/listinfo/solar-general
>
--
Diego Saravia
Diego.Saravia at gmail.com
DOES NOT WORK->dsa at unsa.edu.ar
More information about the Solar-general mailing list
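The per-program privilege scheme and the copy-on-write P_SF_RUN mechanism from the quoted article, modelled as an added example (not code from OLPC, LWN or anyone in this thread); the privilege names come from the article, while the rule fields, data layout and check logic are assumptions:

```python
from dataclasses import dataclass, field

# Constructed model of the per-program privileges in the quoted LWN text.
# Privilege names are the article's; fields and check logic are assumptions.

@dataclass
class NetRule:
    hosts: frozenset = frozenset()   # destination restriction; empty = any host
    hours: tuple = (0, 23)           # time-of-day window, inclusive hours
    max_kbps: int = 0                # bandwidth cap; 0 = uncapped

@dataclass
class Program:
    name: str
    privileges: frozenset = frozenset()   # e.g. {"P_NET", "P_SF_RUN"}
    net: NetRule = field(default_factory=NetRule)

class CowSystemSoftware:
    """Running system software whose edits are stored as copies (P_SF_RUN)."""
    def __init__(self, files):
        self._base = dict(files)   # pristine image, never modified in place
        self._overlay = {}         # path -> modified copy

    def read(self, path):
        return self._overlay.get(path, self._base.get(path))

    def write(self, prog, path, data):
        if "P_SF_RUN" not in prog.privileges:
            raise PermissionError(f"{prog.name} lacks P_SF_RUN")
        self._overlay[path] = data   # change saved as a copy; base untouched

    def revert(self):
        self._overlay.clear()        # dropping the copies restores the initial state

def net_allowed(prog, host, hour, kbps):
    """P_NET: deny outright, or apply destination, time-of-day and bandwidth limits."""
    if "P_NET" not in prog.privileges:
        return False
    r = prog.net
    return ((not r.hosts or host in r.hosts)
            and r.hours[0] <= hour <= r.hours[1]
            and (r.max_kbps == 0 or kbps <= r.max_kbps))

def core_modify_allowed(prog, developer_key):
    """P_SF_CORE is normally off and only takes effect with a developer key."""
    return "P_SF_CORE" in prog.privileges and developer_key
```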