[Shr-Devel] Security features of SHR

Carsten Haitzler (The Rasterman) raster at rasterman.com
Fri May 28 16:05:31 CEST 2010


On Fri, 28 May 2010 18:54:44 +0500 Shaz <shazalive at gmail.com> said:

> On Fri, May 28, 2010 at 5:57 PM, Tom Hacohen <tom at stosb.com> wrote:
> > On Fri, May 28, 2010 at 3:19 PM, Shaz <shazalive at gmail.com> wrote:
> >>
> >> Still not satisfied because sharing phones is very unusual.
> >
> > Although unusual, it's a nice feature, and it's easy to do (after you run
> > everything as non-root).
> > In other words, don't try to justify a bad design. (i.e hardcoding user
> > names).
> 
> So going back to the point where Mickey pointed out that this requires
> some change in the kernel. I still have no idea why. Is the root
> currently hard coded? Let me check ...
> 
> Mickey said: You may have to fix the kernel to provide sysfs access to
> non-priviledged users. I don't get this.

(write) access you can get via setuid-root tools that handle specific access
for specific users or group members - no root changes needed if you go through
such tools - or... if you expose a service that runs as root and lets non-root
users connect and request things - it can also authenticate as it desires i
don't see where kernel changes are needed here as the kernel guys simply say
"not our problem - it's a userspace problem. solve it up there" and the
solution is as above.

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    raster at rasterman.com




More information about the openmoko-kernel mailing list