Re: Security implications of untrusted apps

Robert Michel openmoko at
Fri Nov 17 17:19:04 CET 2006

Salve Gabriel!

Gabriel Ambuehl schrieb am Freitag, den 17. November 2006 um 15:25h:

> On Friday 17 November 2006 09:35, Jan Niehusmann wrote:
> > On Fri, Nov 17, 2006 at 08:59:36AM +0100, Gabriel Ambuehl wrote:
> > > I think there needs to be a process by which software can get into the
> > > repository. There's certainly some security implications that need to be
> > > taken care of...
> >
> > At that point I wondered if the phone could support some kind of sandbox
> > for untrusted apps. It could feature
> I would very much welcome that. AppArmor or SELinux maybe but I think both are 
> rather heavy?

I know that it makes sence to reduce the cpu and mememory consumtion
as good as possible - but virtual machines/emulators offers the chance of 
more security, multiuser and to use other software....

So maybe not for everybody (especialy mass market)
- but it could be interesting for some: 
says linux-vserver is running on an ARM ;)
and vserver needs less recources than xen. *g*

So a guest should get ressources in dependency of the battery power
and bluetooth (wifi) A-GPS and GPRS access should be configurable...

To run third party software like a navigation system (e.g. tomtom), 
it could run inside a seperate guest :)

And beside security some ideas:
- share a vserver on your mobile with a friend
- spend your vserver for an open city/campus message system
- have different guest systems on a micro-SD
- run a complete "game, sienticific ..." system for the Neo1973
  as guest system.
- pralell to your productive system test a new openmoko system

Any reports/experiances about linux-vserver on an ARM?



More information about the community mailing list