[Dev] SDK vs multiuser and security features
alice.liu at intel.com
Wed Oct 29 03:11:30 GMT 2014
Let me raise two SDK specific issues. It may bring us more thinking about SDK user and security features.
1. Currently journal log only can be accessed by 'root' user, other users including 'app' user cannot access it. But as SDK developers, they need to get some log such as web application console log or even system level log to address the causes once running applications failed.
2. Some native apps' debugging tools such as gdbserver, oprofile and valgrind need a specific privilege to run. I am not sure in Tizen 3, what privilege it needs. It may need to access some kernel device nodes. I concern if 'app' user has the privilege to access kernel device node.
Although currently IVI SDK doesn't support native apps(I am not sure if IVI SDK also need to support native apps in future). It is a key issue for Tizen SDK(including mobile SDK, wearable SDK, or others).
From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Dominig ar Foll (Intel OTC)
Sent: Tuesday, October 28, 2014 9:39 PM
To: dev at lists.tizen.org
Subject: [Dev] SDK vs multiuser and security features
We have recently seen a set of bugs raised due to side effect of the SDK mode of operation based on tizen 2 but used on Tizen 3.
I would like to invite the SDK architects to express their view on the transfer from Tizen 2 to 3 operation mode and how they propose to update the SDK.
I see few changes that will need to happen in order for the SDK to operate with Tizen 3 and we should address them soon rather than later.
They might be more.
- user App is going away. So no cross profile assumption on a default user ID can be made any more. The SDK will have to connect as a real valid user.
- security and data privacy enforcement cannot be turned off and so faking user ID will not work.
- Security features are linked to the Kernel which is 3.14, and so the SDK should be aligned. It should run with security "on".
- sdb mode of operation is a security back door which needs to be fixed (or replaced)
It would be great to get a Wiki page created with your proposed model.
Dominig ar Foll
Senior Software Architect
Open Source Technology Centre
Dev mailing list
Dev at lists.tizen.org
More information about the Dev