On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
> > if you run everything as user olpc and user olpc can become root without a
> > password, getting olpc is as good as getting root.
>
> An arbitrary process running as user olpc should not be able to get root. My
> impression is that it cannot, currently; am I wrong?

In recent builds, any process running as user OLPC can execute code as uid 0 via the setuid-0 user-olpc-executable /usr/bin/sudo.

The security strategy underlying this (which no one is executing since I'm off making releases) is to push system code (pieces of the sugar shell, the telepathy connection managers, etc.) into their own UIDs.

Comments?

Michael

P.S. - In the future, please remember to CC the security@ list on this sort of discussion. I'm sure that there are people on that list who would like to comment but who also have no interest in following the general development lists.

_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
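
A defender's check for the condition discussed in this thread, as an added example that is not part of the original message or of OLPC's code: it scans sudoers text for rules that let a given user run commands as root without a password. The sample sudoers content is constructed (the thread does not show the real file), the function names are hypothetical, and the parser covers only a simplified subset of the sudoers grammar (no alias expansion, no include files, no later `PASSWD:` override).

```python
import re

# Constructed sample sudoers text (an assumption; the thread does not show the real file).
SAMPLE_SUDOERS = """\
# constructed sample, not the actual configuration of any build
Defaults    env_reset
root    ALL=(ALL) ALL
olpc    ALL=(ALL) NOPASSWD: ALL
%wheel  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
        /bin/tar
"""

# who host = (runas) commands   -- the runas part is optional and defaults to root
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")
SKIP = ("#", "@", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def logical_lines(text):
    """Join backslash continuations; drop comments, directives and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith(SKIP):
            yield line

def passwordless_root(text, user, groups=()):
    """Return one command list per rule letting `user` run as root with no password."""
    principals = {user, "ALL"} | {"%" + g for g in groups}
    hits = []
    for line in logical_lines(text):
        m = SPEC.match(line)
        if not m or m["who"] not in principals:
            continue
        runas = m["runas"]
        # "(user:group)" form: only the user part decides the target uid.
        users = ["root"] if runas is None else [u.strip() for u in runas.split(":")[0].split(",")]
        if not {"root", "ALL"} & set(users):
            continue
        if "NOPASSWD:" in m["cmds"]:
            hits.append([c.strip() for c in m["cmds"].replace("NOPASSWD:", "").split(",")])
    return hits

def unrestricted_passwordless_root(text, user, groups=()):
    """True when some rule grants `user` every command as root without a password."""
    return any("ALL" in cmds for cmds in passwordless_root(text, user, groups))

if __name__ == "__main__":
    for account in ("olpc", "backup"):
        print(account, passwordless_root(SAMPLE_SUDOERS, account))
```
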