MokSec - The Security Framework

thomasg thomas at
Mon Jul 14 18:18:44 CEST 2008

On Mon, Jul 14, 2008 at 6:13 PM, Kalle Happonen <kalle.happonen at>

> thomasg wrote:
> > On Mon, Jul 14, 2008 at 5:22 PM, arne anka <openmoko at> wrote:
> >
> >     > Of course you can create another user, as you are used to on any
> >     > unix system.
> >     > It just doesn't ship with one because the distro comes in
> >     > ready-to-deploy images, not with an installer like the
> >     > binary-distro-people are used to.
> >
> >     sure? i think it possible that some things won't work when
> >     non-root ...
> >
> >
> > Of course some things won't work - if they would, there would be no
> > need for a special root account.
> > Basically all the tools someone would use without a terminal should
> > work (dialer, contacts, ...) no matter what stack is used.
> > The daemons that need root access run in background and can be
> > controlled by userspace-programs without root-access.
> >
> > It of course would take a loginmanager or similar to use a user with
> > password at startup, because currently the user root is automatically
> > logged in. Should be easy to "fix".
> Even running only critical things as root, and most stuff on a
> no-password unprivileged account would be better. But a user account
> with a password would of course be better. Then I'd say that the PIN
> could almost be saved somewhere, to avoid the need for a double log-in.

I had some thoughts about that, too.
Would be cool if it wasn't necessary to have a PIN at all - you enter the
PIN in the "first-run-wizard", that will store it.
After that you only have one password (of your choice) that does all - the
security daemon would lookup in a key/password-database and use your
password for all things, like decrypting the other containers (phonebook,
messages, e.g.), authing you on the network with the stored pin, unlocking
the phone screen, .....