Old 10-01-2023, 05:05 AM   #23
Szybet
Connoisseur
Posts: 90
Karma: 3892
Join Date: Feb 2022
Device: Kobo nia
Quote:
Originally Posted by elinkser
POSSIBLE SECURITY ISSUES OF RMKIT


Since rmkit makes it easier to quickly develop cross-platform apps, some might roll their eyes and say, "Great, more junk apps".


Security-conscious people should also be concerned that a proliferation of low quality apps makes a nice target for malware.

- C++ requires effort and skill to be done correctly, and therefore securely.

- Kobo Nickel is designed for reading, not networking. It lacks an up-to-date kernel, fine-grained permissions in the user partition, and kernel support for firewalls, among other issues.


How can this problem be addressed?
Kobo is even less equipped to deal with this than old Windows was.


Some random ill-thought-out musings:

- Use InkBox instead of Nickel

- Only allow signed apps to launch in rmkit

- Run an app scanner over apps in the rmkit repository.

- Run a user-space firewall in rmkit (all I/O accesses only allowed through a "secure" API)

- Require users who want to run Simple framework to self-sign any app they want to give run permission to.



Who would do all this work?
Not me - I'm not a dev, and definitely not a C++ dev.
But I want to enjoy my Kobo in a secure way.
I would scream if you didn't mention InkBox ;p
Running rmkit as an InkBox user app makes it extremely sandboxed, but it wouldn't protect against all (only some, since we limit access to /dev and /sys) kernel-level exploits.
And you worry about it too much. Who cares about the x users using rmkit? You would need to specially prepare malware for what?