[olpc-software] Authentication, authorization, personalization/imprinting
Jim Gettys
jg at laptop.org
Wed Mar 29 14:22:08 UTC 2006
On Wed, 2006-03-29 at 11:49 +0100, Mike Hearn wrote:
> David Malcolm wrote:
> > My guess here is that all that's really doable is one of (i) do you have
> > physical access to the machine?
>
> Traditional approach to Linux desktop security has revolved around root
> vs user, but that's shoe-horning a security model that made sense in the
> 70s into a totally different situation today.
>
> Authentication is being used to do three things currently:
>
> * Separate multiple user accounts - but not applicable here, unless
> perhaps the family wish to use the child's laptop and treat it as
> a family laptop.
Expect this. All stakeholders (including the kid's family) should stand
to gain, and having people share accounts is worse than having more
accounts on all security/authorization grounds I know.
>
> * Prevent unauthorized access to data from people physically in front of
> the machine. Realistically, is the headache of lost passwords worth
> it? How much sensitive data will children have? Not much, I'd expect.
>
> * Establish a trusted path to the user ... that's what needing root to
> reconfigure networks/date/software is about, really.
>
> If the first two aren't really applicable then that leaves the third,
> which can be better done in other ways, for instance using a combination
> of SELinux (but used differently to how it's used in Fedora Core) and
> the fact that the X server will tell you which events are synthetic.
> Such a scheme can make the system both more secure and easier to use (by
> eliminating password prompts).
We're going to need SELinux on network services, I expect, to protect
against day 0 attacks. If this project succeeds, we're an exceedingly
large target.
>
> But that's pretty new/experimental stuff as well, and there is probably
> a limit to how much of that is a good idea for the first generation
> product. So, being traditional here and prompting for the user's password
> Ubuntu-style might be better.
>
Probably the Ubuntu-style behavior is correct, by default.
OLPC is trying to hire in the security/privacy/authentication area right
now, to have serious expertise on staff. We won't know for a few weeks
yet if the candidate we have in mind will join us or not.
- Jim
--
Jim Gettys
One Laptop Per Child