deadmalc's Avatar
Posts: 415 | Thanked: 182 times | Joined on Nov 2007 @ Leeds UK
#11
I've used both grsec and selinux, and I think selinux would be more appropriate here.
The main issue here is the initial volume of work required to get apps to actually work; this is something I may look at once I finally get my n900 ;-)

The main problem is that selinux (may be historical) adds a 10% overhead...
__________________
Life on the edge....always waiting to fall
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#12
Originally Posted by ruskie View Post
Correct. It's a computer. I want to be the one that defines what "security" should be. Give me a vanilla kernel and allow me to configure it to my specs. Yes, this includes applying things like grsec if I want it and so on.
OK, so if I dialup to your phone number or telnet to your server and I log in with lp I get shell access, and your root passwd is empty? Nice, secure by default...
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
 
Posts: 543 | Thanked: 181 times | Joined on Aug 2009 @ Universe,LocalCluster.MilkyWay.Sol.Earth.Europe.Slovenia.Ljubljana
#13
Originally Posted by allnameswereout View Post
OK, so if I dialup to your phone number or telnet to your server and I log in with lp I get shell access, and your root passwd is empty? Nice, secure by default...
How about keeping it in the scope.
a) There won't be any default services running on the public IPs of the phone; if there are, that's just insane from Nokia's side of things.

b) Dial-in: you seem to have this misperception that these things work out of the box with no setting it up and so on? They don't.

So yes I'm not worried about remote exploits in the form of services running on the phone. As it's locked down quite well.


telnet to your server and I log in with lp I get shell access
You seem to think you can log in as any user that doesn't have a password set. Having a blank password and not having one set are two very different things.

When one is not set usually there is some char: ! or x where the password should be. So no matter what you try you will fail to authenticate.

You also have this misconception that all the features of grsec/selinux/rbac/etc... will give you some magical security bullet if you run the device without a firewall or any other basic pre-existing security setups.

Security is a process not a state.

a) don't run external services - this is the easiest one to do
b) have a firewall in place that by default blocks anything unrelated coming in - not that hard to do as well
c) set a root pw - a default one doesn't make sense but generating a password based on wlan mac+imei+something else as salt for it could do well.
d) consider what most users will be doing with the device (I mean most, not those like myself that will run various things like openssh and openvpn on it). They'll be uploading photos, using maps, chatting etc. And won't worry about all that security stuff.
e) all the hardened security ideas are there really if you have a firewall/router that's running linux, or running services that are exposed to the outside.
f) And in the end this should still be the users choice. If they want to run something secure they should be the one to do so.

I would have to say there's a greater possibility of something coming in through an SMS than through IP.

If you are worried about local exploits then you have much bigger problems than a simple security issue.

It's simple: do you trust the app that you are installing? If you don't, then don't install it. What's so hard about it? Yes, apps should possibly be vetted through some security checks and so on, but that won't catch everything. But adding I don't know what extra security checks for such things doesn't make sense unless it's something of real importance.

I would consider encrypted data store, and an easy OTA backup/sync a more pressing need. That way if you need to ever restore the system you still have everything.

In my book privacy and personal control trump security each and every time.
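
The blank-versus-unset password distinction raised in post #13, as an added example that is not part of any poster's message: a small audit that classifies the password field of shadow(5)-style entries. The sample entries are constructed, and the function names (`classify`, `audit`, `passwordless`) are hypothetical.

```python
import re

# Constructed sample in shadow(5) layout (name:password:aging fields);
# not taken from a real device.
SAMPLE_SHADOW = """\
root::14500:0:99999:7:::
lp:*:14500:0:99999:7:::
daemon:!:14500:0:99999:7:::
user:$6$c0nstructed$NotARealHashJustAPlaceholder:14500:0:99999:7:::
olduser:!$6$c0nstructed$NotARealHashJustAPlaceholder:14500:0:99999:7:::
svc:x:14500:0:99999:7:::
broken-line-without-fields
"""

# Modular crypt string ($id$...) or a 13-character traditional DES crypt string.
HASH_RE = re.compile(r"^(\$[0-9a-z]+\$.+|[./0-9A-Za-z]{13})$")

def classify(pw_field):
    """Return 'empty', 'locked', 'hash' or 'invalid' for one password field."""
    if pw_field == "":
        return "empty"    # blank password: no password required to authenticate
    if pw_field[0] in "!*":
        return "locked"   # '!' or '*' (alone or prefixing a hash): no password matches
    if HASH_RE.match(pw_field):
        return "hash"     # looks like crypt(3) output: a password is set
    return "invalid"      # e.g. 'x': not a crypt result, so no password matches

def audit(shadow_text):
    """Map each account name to the classification of its password field."""
    result = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:   # malformed entry: skip rather than guess
            continue
        result[fields[0]] = classify(fields[1])
    return result

def passwordless(shadow_text):
    """Accounts whose password field is empty, the case worth flagging."""
    return sorted(n for n, s in audit(shadow_text).items() if s == "empty")

if __name__ == "__main__":
    for name, status in audit(SAMPLE_SHADOW).items():
        print(f"{name:8} {status}")
    print("empty password:", passwordless(SAMPLE_SHADOW))
```

Whether a service actually accepts an empty-password account still depends on its own configuration, so treat `empty` as a finding to fix rather than proof of access.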
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#14
Hmm... I was joking about wardialing, IRIX, default usernames with no passwords, and so on... point being, that these default settings were not good.

My previous post already outlined the problem: lack of capability-based security, lack of signed binaries, and client software.

Stuff like firewalls and services are boring because they're already a given, and these devices usually hang behind NAT.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
 
Posts: 543 | Thanked: 181 times | Joined on Aug 2009 @ Universe,LocalCluster.MilkyWay.Sol.Earth.Europe.Slovenia.Ljubljana
#15
Well I don't take "hints" well in general

As for signed binaries I actually want that using something like signelf. The only problem is an absent loader that could verify on load. But what I don't want is this enforced in a manner similar to symbiansigned. But sadly that's how a corporation would understand it. Hence why I oppose this as enabled by default and so on.

But again, I still don't get what you would benefit from all of this. I mean, once you have local access nothing really will help much.
 