moko running everything as root

Peter J. Holzer hjp at hjp.at
Sun Jun 15 23:24:36 CEST 2008


On 2008-06-15 21:15:40 +0200, arne anka wrote:
> well, let's say we disagree in the classification of the om -- i think
> it's a very powerful mobile computer and thus should follow basically the
> same idea of security.
> the user's data can be backed up and thus restored if compromised or
> destroyed.
> the system itself may cause severe loss of money if compromised: sending
> sms, calling those value-added numbers (what's the proper term in
> english?), creating internet connections (and maybe sending spam).
> accessing your pc if you connect to it to sync or so may corrupt your
> computer (take a known vulnerability, create an exploit and put it on the
> om -- if connected to your pc it could infiltrate).

But all of these things a user has to be able to do - so if the user's
account is compromised, the intruder can also do these things.

I think there is some value in separating privileges even on a one-user
device, but I don't think "the user" vs. "root" is a useful separation,
because you will end up with a user who is essentially root and can do
everything interesting.
Separating applications may be more appropriate (e.g., the browser may
not need to be able to send SMS), but that needs careful thought.

	hp


-- 
   _  | Peter J. Holzer    | It took a genius to create [TeX],
|_|_) | Sysadmin WSR       | and it takes a genius to maintain it.
| |   | hjp at hjp.at         | That's not engineering, that's art.
__/   | http://www.hjp.at/ |	-- David Kastrup in comp.text.tex