[Sugar-devel] Some questions about "root" and "olpc" logins.

Sascha Silbe silbe at activitycentral.com
Mon Mar 19 18:51:10 EDT 2012


Excerpts from Ajay Garg's message of 2012-03-16 20:10:11 +0100:

> I just compared the "root" and "olpc" logins functioning on os883.img, and
> my F14 laptop; and I am curious about the following things ::

[User can become root without password and related behaviour]

In addition to what others have said already, I'd like to point you to
Bitfrost [1], which is the security design for the XOs and for
Sugar. While not all parts have been implemented (yet?) and others have
(sadly!) fallen into disuse because of lack of resources to keep them
working in the constantly changing world that is Gnome, both the
introduction [1] and the specification [2] are a good read to understand
why certain decisions (like allowing the user to become root without
requiring any kind of authentication) have been made and in what ways we
can expect it to develop. Bitfrost tries to protect the user against
(buggy or malicious software or data from) other users, not the software
from the user.

Sascha

[1] http://wiki.laptop.org/go/Bitfrost
[2] http://wiki.laptop.org/go/OLPC_Bitfrost
-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.sugarlabs.org/archive/sugar-devel/attachments/20120319/edfd46d1/attachment.pgp>


More information about the Sugar-devel mailing list