[olpc-software] Authentication, authorization, personalization/imprinting

Jim Gettys jg at laptop.org
Wed Mar 29 14:22:08 UTC 2006


On Wed, 2006-03-29 at 11:49 +0100, Mike Hearn wrote:
> David Malcolm wrote:
> > My guess here is that all that's really doable is one of (i) do you have
> > physical access to the machine?
> 
> Traditional approach to Linux desktop security has revolved around root 
> vs user, but that's shoe-horning a security model that made sense in the 
> 70s into a totally different situation today.
> 
> Authentication is being used to do three things currently:
> 
> * Separate multiple user accounts - but not applicable here, unless
>    perhaps the family wish to use the child's laptop and treat it as
>    a family laptop.

Expect this.  All stakeholders (including the kids' family) should stand
to gain, and having people share accounts is worse than having more
accounts on all security/authorization grounds I know.

> 
> * Prevent unauthorized access to data from people physically in front of
>    the machine. Realistically, is the headache of lost passwords worth
>    it? How much sensitive data will children have? Not much, I'd expect.
> 
> * Establish a trusted path to the user ... that's what needing root to
>    reconfigure networks/date/software is about, really.
> 
> If the first two aren't really applicable then that leaves the third, 
> which can be better done in other ways, for instance using a combination 
> of SELinux (but used differently to how it's used in Fedora Core) and 
> the fact that the X server will tell you which events are synthetic. 
> Such a scheme can make the system both more secure and easier to use (by 
> eliminating password prompts).

We're going to need SELinux on network services, I expect, to protect
against day 0 attacks.  If this project succeeds, we're an exceedingly
large target.

> 
> But that's pretty new/experimental stuff as well, and there is probably 
> a limit to how much of that is a good idea for the first generation 
> product. So, being traditional here and prompting for the user's password 
> Ubuntu-style might be better.
> 

Probably the Ubuntu-style behavior is correct, by default.

OLPC is trying to hire in the security/privacy/authentication area right
now, to have serious expertise on staff.  We won't know for a few weeks
yet if the candidate we have in mind will join us or not.
                               - Jim

-- 
Jim Gettys
One Laptop Per Child
