[maemo-developers] Security Guidance for N800 OS development

From: Dave Cridland dave at cridland.net
Date: Tue Feb 20 17:03:06 EET 2007
On Tue Feb 20 14:51:53 2007, Zoran Kolic wrote:
> > > I mention this because, as more Internet aware/dependent > > 
> applications are developed for the N800 (it is an Internet tablet > 
> > after all) the "attack surface" for the product will increase. I 
> > > have asked previously about whether or not the N800 has a 
> stateful > > firewall but so far the answer seems to be no.
> > > > ... because it would be pointless. Anyone opening passive 
> sockets on > such a device really needs so much more than mere 
> firewalling. In > general, I've found firewalling on Linux to be a 
> waste of time if the > idea is to protect the machine itself, even 
> if you do have passive > sockets open. In principle, the layer of 
> software doing the stateful > inspection is essentially the same 
> software doing the processing - > packets arriving which are in the 
> wrong state get discarded *anyway*.
> Just cannot say how much I disagree!
But can you say why?

> > Well, where's the input coming from? This is typically only a > 
> security problem with multiuser systems or open network services. > 
> Malicious payloads (like, say, email, web pages) can cause issues, 
> > but in general they're much less of a serious issue, and they're 
> > certainly no different to any other platform.
> Disagreement again.
Can you explain why the N800/770 are sufficiently distinct to any 
other platform as to require special treatment in this area?

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the maemo-developers mailing list