[Shr-Devel] Security features of SHR
shazalive at gmail.com
Fri May 28 02:00:50 CEST 2010
On Fri, May 28, 2010 at 4:05 AM, Werner Almesberger <werner at openmoko.org> wrote:
> Shaz wrote:
>> Issue for the community that what user name or id to give for standard
>> system services and utilities.
> Traditional choices for "service users" include "daemon", "nobody",
> <service-name>, depending on what you're after. <service-name> can
> be something like "mail", "uucp", "dhcp", etc.
> To prevent this sort of unprivileged "users" from owning too much
> important stuff (not only files, but also processes - think kill
> and strace attacks from an easily compromised unimportant "nobody"
> service against a more valuable one), it's usually best to give
> each its own user ID.
Thats exactly how it should be. Exceptions can be there but we can
decide with time.
> For a default "real user", if there's any chance that there may be
> multiple users on the system, the system should probably just ask,
> e.g., when getting the initial user password.
We can't expect a smartphone or a mobile or a handheld to have
multiple users. Can we?
> If the system is truly single-user and the user/root separation is
> purely technical, then something like "user", would work.
More information about the openmoko-kernel