On Mon, Mar 22, 2010 at 00:47, Luke Faraone <[email protected]> wrote:
> [please drop iaep in followup emails, this is a technical discussion]

A discussion doesn't belong to IAEP because of being about technical
matters? What I would have expected instead is that IAEP is for
general discussion and sugar-devel for development.

Regards,

Tomeu

> On Sun, Mar 21, 2010 at 19:31, Yamandu Ploskonka <[email protected]> wrote:
>>
>> I guess that harddrive-less units are totally OK, but what happens in
>> normal, hard-drive based machines if somehow a stick gets infected? When
>> booting from a USB stick, is it like when booting from a CD or for those
>> old enough to remember, like booting from a floppy?
>>
>> I mean, that was THE way to get infected before Word macros started
>> being the star, since such infections basically bypass all anti-malware
>> protection, except when set at the BIOS level, and how many people knew
>> about it in my younger days?
>>
>> How can we ensure this is not an issue made worse by SoaS users?
>> Opinions and knowledge, anyone?
>
> The operating system running on the SoaS stick has unrestricted access to
> the computer. It can mount internal disks, repartition, etc; anything one
> could do if you were "root" on the running computer.
> So far, the only security vulnerability experienced in conjunction with USB
> sticks has been Windows viruses. Since the SoaS stick does not contain WINE,
> it cannot run any Windows executables, and unless a virus is specially
> crafted to work on Linux and handle the specific way that LiveUSB sticks are
> constructed, it is unlikely to pose any threat.
> There is no way to mitigate this threat other than to verify the integrity
> of a SoaS stick from a trusted (ideally sole-role) computer designed for
> that purpose, or have the BIOS check the kernel signature (a la the XO), and
> have the kernel verify the userland. This is overkill for 99% of situations.
>
> In summary: There are much more probable threats to be worried about, and as
> of today, SoaS does not have the level of popularity where one would have to
> consider such solutions.
> If we want to protect against rogue activities, there are existing
> technologies that can easily be put into place with a configuration change
> (`touch /etc/olpc-security`) and some testing. This is a good thing to work
> on short-term in my opinion.
>
> Thanks,
>
> Luke Faraone
> http://luke.faraone.cc
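
The integrity check mentioned in the quoted message (verifying a stick from a trusted computer), sketched as an added example that is not part of the original thread or of SoaS itself. It assumes the stick is mounted on the trusted machine and that a manifest was recorded while the stick was known good; `verify_stick`, its `ignore` parameter and all file names are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large live images do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each relative path under root to its SHA-256; symlinks are recorded, not followed."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = ("link:" + os.readlink(full)) if os.path.islink(full) else sha256_file(full)
    return manifest

def verify_stick(root, trusted, ignore=()):
    """Compare a mounted stick with a trusted manifest; `ignore` lists paths expected to change."""
    current, skip = build_manifest(root), set(ignore)
    return {
        "modified": sorted(p for p in trusted if p in current and p not in skip and current[p] != trusted[p]),
        "missing": sorted(p for p in trusted if p not in current and p not in skip),
        "unexpected": sorted(p for p in current if p not in trusted and p not in skip),
    }

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed stand-in for a mounted stick; every file name here is hypothetical."""
    with tempfile.TemporaryDirectory() as stick:
        for rel, data in [("boot/kernel", b"kernel-v1"), ("os/rootfs.img", b"rootfs-v1"), ("os/overlay", b"user data")]:
            _write(stick, rel, data)
        trusted = build_manifest(stick)                   # recorded while the stick is known good
        _write(stick, "boot/kernel", b"kernel-tampered")  # simulated modification of a static file
        _write(stick, "os/overlay", b"more user data")    # legitimate change to persistent storage
        _write(stick, "unknown.exe", b"MZ")               # file that was never part of the image
        return verify_stick(stick, trusted, ignore=["os/overlay"])

if __name__ == "__main__":
    print(demo())
```

A file-level manifest does not cover the boot sector or partition table, so those need a separate comparison against the raw device. The check is only meaningful when run from the trusted machine, not from the operating system booted off the stick being examined.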
