rootninja

The Bitfrost security platform for the OLPC has strong principals, but the goals blow my mind. I’ll explain in a minute, check out the principles:

Principles

Open design

The laptop’s security must not depend upon a secret design implemented in hardware or software.

No lockdown

Though in their default settings, the laptop’s security systems may impose various prohibitions on the user’s actions, there must exist a way for these security systems to be disabled…

No reading required

Security cannot depend upon the user’s ability to read a message from the computer and act in an informed and sensible manner. While disabling a particular security mechanism may require reading, a machine must be secure out of the factory if given to a user who cannot yet read.

Unobtrusive security

Whenever possible, the security on the machines must be behind the scenes, making its presence known only through subtle visual or audio cues, and never getting in the user’s way…

Ok, sounds great. Now here’s the goals that I find interesting:

Goals

No user passwords

…the security of the laptop cannot depend on the user’s ability to remember a password. Users cannot be expected to choose passwords when they first receive computers.

Out-of-the-box security

The laptop should be both usable and secure out-of-the-box, without the need to download security updates when at all possible.

Now the problem I have is if you grab ahold of any XO laptop, run the Terminal application, and su to become root, you won’t be prompted for a password. If this project is aimed at students doing everything through the Sugar GUI environment, then why give free-for-all access to a terminal at all? Isn’t this one case where you can make an exception for the no-user-passwords thing? There is currently no protection in place to stop one user from manipulating another user’s files at all.