Re: Security Guidance for N800 OS development

> > I mention this because, as more Internet
aware/dependent 
> > applications are developed for the N800 (it is an
Internet tablet 
> > after all) the "attack surface" for the
product will increase. I 
> > have asked previously about whether or not the
N800 has a stateful 
> > firewall but so far the answer seems to be no.
> > 
> ... because it would be pointless. Anyone opening
passive sockets on 
> such a device really needs so much more than mere
firewalling. In 
> general, I've found firewalling on Linux to be a waste
of time if the 
> idea is to protect the machine itself, even if you do
have passive 
> sockets open. In principle, the layer of software doing
the stateful 
> inspection is essentially the same software doing the
processing - 
> packets arriving which are in the wrong state get
discarded *anyway*.

Just cannot say how much I disagree!

> Well, where's the input coming from? This is typically
only a 
> security problem with multiuser systems or open network
services. 
> Malicious payloads (like, say, email, web pages) can
cause issues, 
> but in general they're much less of a serious issue,
and they're 
> certainly no different to any other platform.

Disagreement again.

> I'm just really not clear that this is as much of a big
deal as you 
> seem to think, and I can't see anything specific to
Maemo which needs 
> addressing. If anything, the 770/N800 are a lot more
secure than the 
> average Linux box, let alone the average computer.

Kh-kh! Candid camera?

                               Zoran


_______________________________________________
maemo-developers mailing list
maemo-developersmaemo.org
h
ttps://maemo.org/mailman/listinfo/maemo-developers

On Tue Feb 20 14:51:53 2007, Zoran Kolic wrote:
> > > I mention this because, as more Internet
aware/dependent > > 
> applications are developed for the N800 (it is an
Internet tablet > 
> > after all) the "attack surface" for the
product will increase. I 
> > > have asked previously about whether or not
the N800 has a 
> stateful > > firewall but so far the answer seems
to be no.
> > > > ... because it would be pointless.
Anyone opening passive 
> sockets on > such a device really needs so much more
than mere 
> firewalling. In > general, I've found firewalling on
Linux to be a 
> waste of time if the > idea is to protect the
machine itself, even 
> if you do have passive > sockets open. In principle,
the layer of 
> software doing the stateful > inspection is
essentially the same 
> software doing the processing - > packets arriving
which are in the 
> wrong state get discarded *anyway*.
> 
> Just cannot say how much I disagree!
> 
> 
But can you say why?


> > Well, where's the input coming from? This is
typically only a > 
> security problem with multiuser systems or open network
services. > 
> Malicious payloads (like, say, email, web pages) can
cause issues, 
> > but in general they're much less of a serious
issue, and they're 
> > certainly no different to any other platform.
> 
> Disagreement again.
> 
> 
Can you explain why the N800/770 are sufficiently distinct
to any 
other platform as to require special treatment in this
area?

Dave.
-- 
Dave Cridland - mailto:davecridland.net - xmpp:dwdjabber.org
  -
acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________
maemo-developers mailing list
maemo-developersmaemo.org
h
ttps://maemo.org/mailman/listinfo/maemo-developers