On Tue, 2010-07-06 at 16:36 -0600, Daniel Drake wrote:
> On 6 July 2010 15:03, Bernie Innocenti <ber...@codewiz.org> wrote:
> > Well, granting root access from the console already weakens it to the
> > point of being useless. Who would bother to set up a fake DHCP, DNS and
> > NTP server when it takes 20 seconds to crack it from the console? :-)
>
> Right. So with that logic, let's just throw out the whole security
> system. Ignoring the fact that some deployments ship without root
> access.

Is the practice of completely locking down the laptops something we'd
even want to encourage? Assuming we don't, why should we cripple
time-syncing for everyone just to simplify an unsupported customization?

> And that there are efforts to solve that in the future.

Oh, I was unaware of this. Who is working on it, and what's the exact
plan?

> Having ntp sync like this weakens the security system because it means
> that when you fix one problem (of easy root access, for example), you
> still have other ones that make your system easily defeatable.
> Instead, if you choose not to add more holes, once you fix the
> existing ones then you have a fully secure system.

Easy root access is not a security bug, it's a feature that OLPC
deliberately chose to give to all users. I even submitted a mingetty
patch adding --loginpause which we use to drop into the root console.

Why? Because, without root access, children would own the XO the same
way consumers own the iPhone and the TiVo. They could crash the physical
thing on the floor and burn it, but not flip one bit without
government's authorization.

I may sound a bit melodramatic, but a project of this kind wouldn't have
inspired me to volunteer even for one day.

Moralities apart, I guess anyone would agree on the purely technical
statement that we can't make OATS work effectively without also taking
away root privileges (or the best parts of it). Any half-hearted
compromise is likely to be as ineffective as it is annoying.

> > This isn't globally acceptable: many (most?) laptops run without an OATS
> > server, so their clock would remain wrong forever.
>
> This picture is rapidly changing.

I thought the default was changed one year ago from locked to unlocked.
I would be surprised if many deployments had the technical skills to
deal comfortably with the complexity of the activation system, when it
is very challenging even for us.

We probably disagree here, but I think that in most cases OATS costs
more to maintain than its actual economical benefit. Admittedly, it
works very well at addressing a problem of fear that may play a big role
in influencing decision makers. Come on, we all secretly know this and
play dumb :-)

--
  // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel