Rainbow: Difference between revisions
Jump to navigation
Jump to search
(Replaced content with ' == '''Hacked By Dr.NaNo''' ==') |
m (Reverted edits by 77.64.72.243 (Talk) to last revision by FGrose) |
||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
{{translations}} |
|||
<noinclude>{{Google Translations}} |
|||
[[Category:Security]] |
|||
</noinclude>{{Rainbow page}} |
|||
The [[OLPC Bitfrost|Bitfrost]] security specification argues that existing desktop security conventions do not meet the security needs: |
|||
== '''Hacked By Dr.NaNo''' |
|||
* of adventurous kids in 1-1 computing programs, |
|||
* of the technical staff who help maintain such initiatives, and |
|||
* of the political constituencies which determine where such programs take place. |
|||
The most serious inadequacy of such systems is that they force end-users to take unnecessary security risks (for example, giving all programs a user runs access to the network, to auto-start facilities, and to other programs' data files) while simultaneously denying users the opportunity to do things which can be done safely but which were not anticipated by the system administrator (notably, installing new software or modifying the local system.) |
|||
Consequently, [[Security credits#Activity Isolation|we]] wrote [http://dev.laptop.org/git/users/mstone/security/tree/rainbow Rainbow]. |
|||
== |
|||
Rainbow is an isolation shell. This means two things: |
|||
# ''shell'': Rainbow runs programs on behalf of humans and programs. Rainbow provides those programs with a suitable environment: places in which temporary and persistent data can be stored, environment variables to identify those places, etc. |
|||
# ''isolation'': People and programs should use Rainbow when they want to isolate programs from other programs and important system resources. "Isolation" is already a familiar concept to most UNIX programmers: many system daemons already operate using their own unique UID and/or GID, and most have private places in which they store their configuration. Rainbow generalizes and extends this paradigm by providing every program it runs with a unique identity, with private storage, with pre-configured resource usage limits, etc. |
|||
At the moment, Rainbow only knows how to provide the same primitive form of filesystem and signal isolation that competent sysadmins provide to users of multi-user Unix shell servers. |
|||
However, '''[[Security#Contributions|contributions]]''' are welcome, particularly contributions which advance [[Rainbow/Next Steps|existing plans]]. |
|||
'''Information about rainbow-0.8.*''' |
|||
* [[Rainbow/Current Situation|current situation]]: feature, design, and implementation notes for rainbow-0.8.* |
|||
* [[Rainbow/Installation Instructions|installation instructions]] for rainbow-0.8.* |
|||
* [[Rainbow/Testing|testing]] instructions for rainbow-0.8.* |
|||
* [[Rainbow/Next Steps|next steps!]] |
|||
* [[Rainbow/Demo Ideas|demo ideas]] |
|||
'''Other Information''' |
|||
* notes for [[Rainbow/Information for Activity Developers|Activity Developers]], for Sugar 0.82 and rainbow-0.7.* |
|||
* [[Rainbow/Historical Designs|historical design comparisons]], for rainbow-0.6.*, -0.7.*, and -0.8.* |
|||
* [[Rainbow/Curiosities|curiosities]] |
|||
==Subpages== |
|||
(Titles in ''italics'' redirect to another page.){{Special:PrefixIndex/{{PAGENAME}}/}} |
|||
Latest revision as of 21:00, 26 November 2011
Rainbow :: git :: sources :: rainbow-0.8.6.tar.bz2 :: announcement
The Bitfrost security specification argues that existing desktop security conventions do not meet the security needs:
- of adventurous kids in 1-1 computing programs,
- of the technical staff who help maintain such initiatives, and
- of the political constituencies which determine where such programs take place.
The most serious inadequacy of such systems is that they force end-users to take unnecessary security risks (for example, giving all programs a user runs access to the network, to auto-start facilities, and to other programs' data files) while simultaneously denying users the opportunity to do things which can be done safely but which were not anticipated by the system administrator (notably, installing new software or modifying the local system.)
Consequently, we wrote Rainbow.
Rainbow is an isolation shell. This means two things:
- shell: Rainbow runs programs on behalf of humans and programs. Rainbow provides those programs with a suitable environment: places in which temporary and persistent data can be stored, environment variables to identify those places, etc.
- isolation: People and programs should use Rainbow when they want to isolate programs from other programs and important system resources. "Isolation" is already a familiar concept to most UNIX programmers: many system daemons already operate using their own unique UID and/or GID, and most have private places in which they store their configuration. Rainbow generalizes and extends this paradigm by providing every program it runs with a unique identity, with private storage, with pre-configured resource usage limits, etc.
At the moment, Rainbow only knows how to provide the same primitive form of filesystem and signal isolation that competent sysadmins provide to users of multi-user Unix shell servers.
However, contributions are welcome, particularly contributions which advance existing plans.
Information about rainbow-0.8.*
- current situation: feature, design, and implementation notes for rainbow-0.8.*
- installation instructions for rainbow-0.8.*
- testing instructions for rainbow-0.8.*
- next steps!
- demo ideas
Other Information
- notes for Activity Developers, for Sugar 0.82 and rainbow-0.7.*
- historical design comparisons, for rainbow-0.6.*, -0.7.*, and -0.8.*
- curiosities
Subpages
(Titles in italics redirect to another page.)