[maemo-developers] Maemo security longterm roadmap?

From: François Cauwe francois at cauwe.org
Date: Wed Nov 7 10:12:37 EET 2007 
On Tue, 2007-11-06 at 17:36 -0500, Jesse Guardiani wrote:
> Is it really an issue? Microsoft Windows has a "trust" system, but
> last I checked not even their own security patches get signed. No one
> uses it.

Hi,

I was maybe not so clear in my last message; What I mean is:
We can trust software that come from trusted source and that is
'signed'. But other software, that the end user still want to install
can't be trusted.

Even if you wan the end user, he will stil install it and maybe break
his system or get a virus. For this kind of software we maybe need an
other approach and at least _try_ to minimise the damage that a program
can do. 

I added the link of bitfrost, which is the approach the OLPC project
took for this problem.

Basically, they limit acces of a not signed program to the system. 
Some examples:
- The program can only send X kb over the network in 1 hour.
- Acces to special devices(camera) has to be granded, so that the user
know that the camera/mic is in use.
- The program is 'jailed' and can only acces some type of file
- The program is 'jailed' and can only acces the file that the user
selected with the File>open dialog box  

People that are interested can always read the full document at:
http://wiki.laptop.org/go/OLPC_Bitfrost


François
More information about the maemo-developers mailing list