[Shr-Devel] Security features of SHR

Carsten Haitzler (The Rasterman) raster at rasterman.com
Fri May 28 16:38:05 CEST 2010


On Fri, 28 May 2010 16:20:53 +0200 Martin Jansa <martin.jansa at gmail.com> said:

> On Fri, May 28, 2010 at 06:54:44PM +0500, Shaz wrote:
> > On Fri, May 28, 2010 at 5:57 PM, Tom Hacohen <tom at stosb.com> wrote:
> > > On Fri, May 28, 2010 at 3:19 PM, Shaz <shazalive at gmail.com> wrote:
> > >>
> > >> Still not satisfied because sharing phones is very unusual.
> > >
> > > Although unusual, it's a nice feature, and it's easy to do (after you run
> > > everything as non-root).
> > > In other words, don't try to justify a bad design. (i.e hardcoding user
> > > names).
> > 
> > So going back to the point where Mickey pointed out that this requires
> > some change in the kernel. I still have no idea why. Is the root
> > currently hard coded? Let me check ...
> > 
> > Mickey said: You may have to fix the kernel to provide sysfs access to
> > non-priviledged users. I don't get this.
> 
> I guess that Mickey meant ie fsogsmd running under unprivileged "gsm"
> user asking kernel to power-up gsm chip.
> 
> Running all fso daemons which needs to control hw, with suid doesn't improve 
> current situation that much.
> 
> Regards,

you could have an fsopowerd that runs as root whose sole purpose is to power up
and down things (safely and securely only for clients/processes authorised to
do so). same principle as above applies.

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    raster at rasterman.com




More information about the openmoko-kernel mailing list