On 25.06.2008 08:07, Michael Stone wrote:
> We have an activity that wants superuser privilege in order to poke
> kernel memory.
>

Hello? Please take the poor activity out back and shoot it. No activity
has any business poking kernel memory.

> The real questions we should be attempting to address here include:
>
> * Who is granting privilege to this activity?
>

Everybody who wants to ridicule the security model.

> * How are they doing so?
>
> * How should we record the decision?
>
> - My tentative answer is that we should store activities with
> different security properties in well-known directory chains
> with appropriately restricted write access.
>
> * What kinds of abuse are these mechanisms vulnerable to?
>
> * Whose responsibility is it to handle the error condition that the
> human operator does not, him-or-herself possess superuser privilege,
> e.g. for theft-deterrence reasons?
>

Just say no. Having an activity poke kernel memory is a really strong
sign that the interface is totally broken.

Regards,
Carl-Daniel

_______________________________________________
Security mailing list
[email protected]
http://lists.laptop.org/listinfo/security

