Possible security hole for Dialers/troyan horses
jsuggs at murmp.com
Thu Mar 1 20:40:36 CET 2007
> Le jeudi 01 mars 2007 à 09:48 -0600, Jonathon Suggs a écrit :
>> Isn't this something along the lines of SELinux? If that is the case,
>> is that something we should look at implementing?
> As I understood SELinux, it would be a good tool for security.
> Many (or most) other (close) Linux phone use SELinux to (successfully)
> block hacker who want to free their phone. But if we use it for our
> interest, I feel, it would be fine.
> But if a user doesn't want to think about the problem of security, as
> he will download anything from everywhere (binary from untrusted
> source), he will simply switch off SELinux in a way of making working
> his new (downloaded) application...
> As I remember, with Fedora Core 6 (which use SELinux), when I've
> installed some application from official repository, some application
> doesn't work because the policy of SELinux is not, or badly implemented
> for them. So, I did have the chose to:
> - write by myself a new SELinux policy (but I do not have enough skill
> to do that)
> - disable SELinux to use it
> - not use it
> So, if I've chose to wait an update of the SELinux policy, I guess, some
> users would simply chose to disable SELinux...
> We can do nothing for users which doesn't care about security concern,
> except trying to educated them... Or simply don't care about their
> OpenMoko community mailing list
> community at lists.openmoko.org
Good points. The goal is usability. We shouldn't have to make the
device bend to our will...it should behave naturally as one would
expect. Having end users even think of what a SELinux policy is 100%
wrong. First because they don't necessarily need to know about it.
Two, some/most won't comprehend what it is or why then need/want it.
Third, when given your three options I would guess there are only two
solutions. One is have a nasty enough dialog "Doing this WILL cause
your phone to explode, don't do it" and they won't use the software and
be confused. The other is that they just disable SELinux (or whatever
security/preventative measure) and install the software.
Designing software is hard. Making it user friendly is hard.
Preventing users from doing dumb things is hard. Then throw into the
mix trying to design a system that will protect against poorly written
software or malicious software and things get really hard. But that is
why we are discussing this...trying to figure out a solution.
That said, is SELinux a good thing to look into for OpenMoko? What are
the difficulties? How does that affect the developers?
Keep the dialog going.
More information about the community