On 2008-06-15 21:15:40 +0200, arne anka wrote:
> well, let's say we disagree in the classification of the om -- i think
> it's a very powerful mobile computer and thus should follow basically the
> same idea of security.
> the user's data can be backed up and thus restored if compromised or
> destroyed.
> the system itself may cause severe loss of money if compromised: sending
> sms, calling those value-added numbers (what's the proper term in
> english?), creating internet connections (and maybe sending spam).
> accessing your pc if you connect to it to sync or so may corrupt your
> computer (take a known vulnerability, create an exploit and put it on the
> om -- if connected to your pc it could infiltrate).

But all of these things a user has to be able to do - so if the user's
account is compromised, the intruder can also do these things.

I think there is some value in separating privileges even on a one-user
device, but I don't think "the user" vs. "root" is a useful separation,
because you will end up with a user who is essentially root and can do
everything interesting. Separating applications may be more appropriate
(e.g., the browser may not need to be able to send SMS), but that needs
careful thought.

        hp

-- 
   _  | Peter J. Holzer    | It took a genius to create [TeX],
|_|_) | Sysadmin WSR       | and it takes a genius to maintain it.
| |   | [EMAIL PROTECTED]  | That's not engineering, that's art.
__/   | http://www.hjp.at/ |    -- David Kastrup in comp.text.tex
_______________________________________________
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community