Please read the spec, the wiki discussion page, and the previous posts to this list before trying to discuss perceived flaws in the system that is being built. http://wiki.laptop.org/go/BitFrost , http://wiki.laptop.org/go/Talk:Bitfrost , and http://lists.laptop.org/pipermail/security/, respectively.
Discussion of weaknesses in standard Linux or UNIX systems are not necessarily applicable to the OLPC Bitfrost platform. Also, the spec is not fully implemented in the software, but the spec makes pretty clear what features are intended.
But any infected activity gets access to system resources in the same
way as the
"host" user. Last time I checked, rainbow/service.py didn't do
to try and really hunt-down any background processes created by an
so to say that the spam-bot (or any other unintended malware-type-thing)
dies when the activity gets cleaned up is horribly misleading.
Since, as you acknowledge earlier, each Activity is started in it's own UID, then it is trivial to make sure that all processes started by that user and all of their children die when the Activity is terminated, eg `slay 1003`. So, pointing out that 'weakness' is not particularly helpful, but submitting a patch that adds that command to activity tear-down might be.
Similarly, discussion of spamming is hopefully mitigated by the default network rate limiting and cpu usage limiting of the platform. If you see weakness in this plan that are not already discussed, please share. Or submit patches :)
Yes, again. *sigh*