[maemo-developers] Security Guidance for N800 OS development

From: Zoran Kolic zkolic at sbb.co.yu
Date: Tue Feb 20 16:51:53 EET 2007
> > I mention this because, as more Internet aware/dependent 
> > applications are developed for the N800 (it is an Internet tablet 
> > after all) the "attack surface" for the product will increase. I 
> > have asked previously about whether or not the N800 has a stateful 
> > firewall but so far the answer seems to be no.
> > 
> ... because it would be pointless. Anyone opening passive sockets on 
> such a device really needs so much more than mere firewalling. In 
> general, I've found firewalling on Linux to be a waste of time if the 
> idea is to protect the machine itself, even if you do have passive 
> sockets open. In principle, the layer of software doing the stateful 
> inspection is essentially the same software doing the processing - 
> packets arriving which are in the wrong state get discarded *anyway*.

Just cannot say how much I disagree!

> Well, where's the input coming from? This is typically only a 
> security problem with multiuser systems or open network services. 
> Malicious payloads (like, say, email, web pages) can cause issues, 
> but in general they're much less of a serious issue, and they're 
> certainly no different to any other platform.

Disagreement again.

> I'm just really not clear that this is as much of a big deal as you 
> seem to think, and I can't see anything specific to Maemo which needs 
> addressing. If anything, the 770/N800 are a lot more secure than the 
> average Linux box, let alone the average computer.

Kh-kh! Candid camera?


More information about the maemo-developers mailing list