[Shr-Devel] Security features of SHR
Carsten Haitzler (The Rasterman)
raster at rasterman.com
Fri May 28 16:38:05 CEST 2010
On Fri, 28 May 2010 16:20:53 +0200 Martin Jansa <martin.jansa at gmail.com> said:
> On Fri, May 28, 2010 at 06:54:44PM +0500, Shaz wrote:
> > On Fri, May 28, 2010 at 5:57 PM, Tom Hacohen <tom at stosb.com> wrote:
> > > On Fri, May 28, 2010 at 3:19 PM, Shaz <shazalive at gmail.com> wrote:
> > >>
> > >> Still not satisfied because sharing phones is very unusual.
> > >
> > > Although unusual, it's a nice feature, and it's easy to do (after you run
> > > everything as non-root).
> > > In other words, don't try to justify a bad design. (i.e hardcoding user
> > > names).
> >
> > So going back to the point where Mickey pointed out that this requires
> > some change in the kernel. I still have no idea why. Is the root
> > currently hard coded? Let me check ...
> >
> > Mickey said: You may have to fix the kernel to provide sysfs access to
> > non-priviledged users. I don't get this.
>
> I guess that Mickey meant ie fsogsmd running under unprivileged "gsm"
> user asking kernel to power-up gsm chip.
>
> Running all fso daemons which needs to control hw, with suid doesn't improve
> current situation that much.
>
> Regards,
you could have an fsopowerd that runs as root whose sole purpose is to power up
and down things (safely and securely only for clients/processes authorised to
do so). same principle as above applies.
--
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler) raster at rasterman.com
More information about the openmoko-kernel
mailing list