Security in OpenMoko

Cailan Halliday chocolate.usa.chan at gmail.com
Sat Oct 6 20:59:54 CEST 2007


Hey everybody, I just found this device:
http://www.linuxdevices.com/news/NS4756295876.html
I don't know anything about it really, but it's security related and
might provide some inspiration?
Cheers,
Cailan

>From: Mikkel Meyer Andersen <openmoko at mikl.dk>
>To: community at lists.openmoko.org
>Date: Wed, 03 Oct 2007 20:44:00 +0200
>Subject: Security in OpenMoko
>Hi all,
>
>First of all I'll like to say hello to all. I'm quite new at the
>OpenMoko-thingie (a Neo 1973 is on the way although - waiting with
>patience), so I hope you'll bear with me for minor (and major :-)) mistakes.
>
>And now to the actual subject: is every application on OpenMoko running
>as root?
>
>For a couple of weeks ago I wrote a post on this matter on my blog [1]
>and just today I saw  that iPhone had exactly that flaw [2].
>
>Allow me to quote myself partly from a mail to Sean Moss Pultz about
>this [3] sent 17th of September 2007, and partly to refer to me writing
>about it at the discussion site for the wiki [4].
>
>I don't hope that I've offended anyone, that was certainly not the
>purpose. I just think security is a huge point of interest and should
>draw a sufficient amount of focus from us developers.
>
>Regards,
>Mikkel Meyer Andersen aka. mikl-dk
>Denmark
>
>---
>
>[1]: http://www.scienco.org/2007/openmoko/always-root/
>[2]: http://www.eweek.com/article2/0,1895,2191373,00.asp
><3>
>Triggered by the question whether every execution of an application is
>done by the root-user, I started to wondering about the security in
>OpenMoko in general. Actually I found very little - near to nothing -
>about it, and I personally think that's inappropriate for this project.
>We simply have to focus very much on security so that isn't going to be
>a pitfall. So please, let's focus on this! If desired, I'll be glad to
>join such a "task-force". Many other manufactures don't focus that much
>on security, and one is starting to talk about viruses on mobile phones
>and so on. I think it's very important to make security an issue in
>OpenMoko. (It could be a small-scale solution known from *nix such as
>the daily use was under a normal user account and the root account was
>required in order to install applications and change certain system
>settings; and the root should have a password - or maybe even use sudo
>or something.)
></3>
>[4]: http://wiki.openmoko.org/wiki/Talk:Main_Page




More information about the community mailing list