[Dev] Cynara

Jussi Laako jussi.laako at linux.intel.com
Fri Apr 11 09:18:25 GMT 2014


On 11.4.2014 11:39, José Bollo wrote:
>> Of course I make the particular binary u+s root.
>
> That is a kind of nuclear fire that you are putting on our temple.
>
> Question: how will a tizen user be allowed to do that?

Generally I prefer finer-grained control, based for example on CAPS, 
instead of setuid(0).

We are talking about OS components here, aren't we? Not about regular 
user apps.

What I want to do is to try to protect system components from possible 
exploits in other system components. So that exploiting one system 
component doesn't open up the entire device.

Since we deviated to talk about display managers...

I've spent countless hours discussing secure PIN entry GUIs and 
such in the past. There are many ways of doing it with various levels of 
security. From simple things (like implemented in 
pinentry-gtk/pinentry-qt) all the way to display hardware take-over 
using a secure co-processor.

One part of the story is how to prevent a malicious third party 
application from mimicking the entire GUI of the device by utilizing 
full-screen mode. Or faking system pop-up dialogs. Things like access-
controlled access to some screen areas, like the notification area, or use of 
an access-controlled LED indicator or such.

It becomes even more tricky when there are in-app purchases, especially 
for games operating in full-screen mode. Protecting your app-store 
account in such cases is important, while at the same time making such 
things possible.

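Added example, not code from this message or from the Tizen project: a C sketch of the "CAPS instead of setuid(0)" approach. A service started as root switches to an unprivileged uid and keeps only the capabilities it actually needs, so a bug in it cannot hand an attacker full root. The uid 65534 ("nobody") and CAP_NET_BIND_SERVICE are chosen here purely for illustration; it uses the raw capget/capset syscalls so it has no libcap dependency, and it is Linux-only.

```c
/* Added example: narrow a root-started service to a small capability set
 * instead of leaving it setuid(0). Not code from the Tizen project.
 * Raw capget/capset via syscall(); no libcap needed. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Build a 64-bit capability mask from an array of CAP_* numbers. */
uint64_t cap_mask(const int *caps, size_t n)
{
    uint64_t m = 0;
    for (size_t i = 0; i < n; i++)
        if (caps[i] >= 0 && caps[i] < 64)
            m |= (uint64_t)1 << caps[i];
    return m;
}

/* Keep only the capabilities in `keep` (permitted + effective, nothing
 * inheritable). Returns 0 on success, -errno on failure. Shrinking the
 * permitted set needs no privilege, so keep == 0 works for any process;
 * asking for a capability the process does not hold fails with -EPERM. */
int drop_all_but(uint64_t keep)
{
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    data[0].permitted = data[0].effective = (uint32_t)(keep & 0xffffffffu);
    data[1].permitted = data[1].effective = (uint32_t)(keep >> 32);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -errno;
    return 0;
}

/* Verification: 1 if `cap` is in the effective set, 0 if not, -errno on error. */
int holds_cap(int cap)
{
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -errno;
    uint64_t eff = ((uint64_t)data[1].effective << 32) | data[0].effective;
    return (cap >= 0 && cap < 64 && (eff >> cap) & 1) ? 1 : 0;
}

/* Full sequence for a service launched as root: retain the permitted set
 * across the uid change, switch to an unprivileged uid/gid, then narrow
 * the set to `keep` and forbid any later privilege gain. */
int become_unprivileged_with(uid_t uid, gid_t gid, uint64_t keep)
{
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -errno;
    if (setresgid(gid, gid, gid) != 0) return -errno;
    if (setresuid(uid, uid, uid) != 0) return -errno;
    /* KEEPCAPS preserves permitted but clears effective on the uid change;
     * capset re-raises only the capabilities we asked for. */
    int rc = drop_all_but(keep);
    if (rc) return rc;
    /* No route back to root through setuid binaries or file capabilities. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -errno;
    return 0;
}

int main(void)
{
    const int wanted[] = { CAP_NET_BIND_SERVICE };   /* assumed need */
    uint64_t keep = cap_mask(wanted, 1);
    int rc = become_unprivileged_with(65534, 65534, keep); /* "nobody", assumed */
    if (rc) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(-rc));
        return 1;
    }
    printf("uid=%d holds CAP_NET_BIND_SERVICE=%d holds CAP_SYS_ADMIN=%d\n",
           (int)getuid(), holds_cap(CAP_NET_BIND_SERVICE), holds_cap(CAP_SYS_ADMIN));
    return 0;
}
```

Run as root to see the full sequence; run unprivileged and main reports EPERM, because a process cannot grant itself a capability it never had. The order matters: setresuid before capset (otherwise the uid change wipes the set you just built), and PR_SET_NO_NEW_PRIVS last, after the service has finished acquiring what it needs.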