Jameson "Chema" Quinn
2008-08-11 02:46:54 UTC
For when we actually have Bitfrost permissions in the interface, I propose
another simple Bitfrost permission: P_READ_LOGS. This is easily doable with
groups and permissions. I think it would be safe and useful if it were: not
given by default; not compatible with P_NETWORK except through user
intervention; but given to any non-P_NETWORK activity which requested it. It
is true that some private data could leak into the logs, but in general the
amount would be negligible; in the exceptional cases (which would be bugs in
some activity), the lack of P_NETWORK would keep the data from spreading
anyway.
This would be useful for Develop, and also to remove Log and Analyze from
the list of activities which need the far-more-dangerous (and also
not-fully-consensed) "P_ROOT".