On Thu, Jul 16, 2009 at 11:26 PM, Pablo Manalastas <[email protected]> wrote:
>
> MY REACTIONS:
>
> "After the customization of poll automation software" -- means the software
> already exists, so why wait to finish customizing it (setting parameters)
> before getting the thing reviewed? The source code already exists, and will
> not be affected by customization, so why not review the code now?

if their existing program is flexible enough.. there is not so much customization in there.. the criteria are based on the parameters that are going to be fed to both the PCOS and the CSS.. but comelec should start distributing the code of the PCOS, both the OS code and the application code, while waiting for the CSS code.. the PCOS' OS must also be reviewed, especially its TCP/IP stack, for any backdoor access in case the machine is online from the start of voting..

> If they are going to add new code, then that's a different story altogether.
> I'd like the following added to the code:
>
> 1) During initialization (hour zero on election day), i'd like both PCOS and
> CCS computers to print out filenames of all executables in /bin, /sbin,
> /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin, together with their
> SHA-256 checksums. Also all configuration files in /etc and their SHA-256
> checksums. These are needed to compare with the originals that have been
> approved by source code review.

for the PCOS machine.. we suggest that they simplify their partitioning scheme.. for example:

1. /
2. /ER
3. /var
4. /tmp

all the binaries and configuration files must be in the root partition, and that partition must be mounted as read only, executable and no writes.. in that way there is no updating of any files on that partition, and we can easily make a hash starting from root, as the message digest program will compute all the files in there recursively...

for /ER, where the ER documents are stored.. this partition must be mounted as *append* mode only... append mode, where you can add files and append data to an existing file but you cannot delete nor edit these existing files even if you are the root user...

for /var, where the system and other logs are stored... this partition must be mounted as *append* mode also, just like the /ER partition...

for /tmp.. mounted as read/write but no execution of any files in there...

> In particular, /etc/securetty must specify that the root user must never be
> allowed to log in from remote. To make checking simple for the BEI on
> election day, this printout must be in lexicographic order of filenames, and
> must be digitally clear-signed by Smartmatic so that the BEI need only
> compare the signature part (two lines of text)

so far i cannot comment or contribute, as i need to know what their plan is about their network connectivity.. once i have a clear picture on this... then that's the time for me to suggest...

> 2) The option to SSL-sign or GPG-sign should be put in the code, so that the
> teachers have a choice of getting their public keys signed by a CA or signed
> by a peer. The signing part should be during the end of the voting period,
> not at the beginning when there is nothing to sign yet (this is the way the
> current version of the program looks to me).
>
> 3) Support for Java smartcards (with CPU) in the PCOS and CCS hardware
> (smartcard slot) and new program for signing, so that using Java smartcards
> for signing, the teachers' secret keys never leave the card, and are never
> copied over to the computer.
>
> 4) Others?

i took a look at the link to the technical details of the PCOS machine given by xander solis (thanks dude)... two graphics formats are supported.. bmp and tiff.. comelec is going to use the tiff format.. there is a well known vulnerability in tiff, which can be seen from the link below in the exploit section...

http://en.wikipedia.org/wiki/Tagged_Image_File_Format

we need to code review not only the application program but also its API or libraries.. what the cheater needs is to steal one private key and sign their specially crafted ER, where it can execute their arbitrary cheat codes secretly... in this regard.. a clean CSS code here is helpless for an honest election..

furthermore, they need to replace their PCOS' gprs (2G) modem with an HSDPA (3.5G) modem, as this modem has backward compatibility and fallback with gprs, edge and gsm networks...

please contribute guys if you have better ideas aside from what is currently discussed here.. thanks..

fooler.

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
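The hour-zero checksum printout Pablo asks for in item 1 (all executables and /etc configs with their SHA-256 sums, in lexicographic filename order) and the read-only root partition fooler proposes hashing recursively both come down to the same mechanism: build a sorted manifest and compare it against an approved copy. The script below is an added example for this thread, not code from the list posts, from Smartmatic or from COMELEC. It assumes GNU coreutils (sha256sum, sort, cmp, diff) and takes the directories to scan as arguments, so it can be exercised on a scratch tree rather than the real /bin, /sbin and /etc.

```shell
#!/bin/sh
# Added example: sorted SHA-256 manifest of every regular file under the given
# directories, and a comparison against an approved baseline manifest.
# Assumes GNU coreutils; directories are passed as arguments (constructed for
# illustration, e.g. /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc).

# build_manifest DIR...
# Prints "<sha256>  <path>" lines, one per regular file, ordered
# lexicographically by path (LC_ALL=C gives a byte-wise, locale-independent order
# so the printout is identical on every machine).
build_manifest() {
    find "$@" -type f 2>/dev/null | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done
}

# verify_manifest BASELINE_FILE DIR...
# Rebuilds the manifest for DIR... and compares it to the approved BASELINE_FILE.
# Returns 0 if identical; otherwise lists added ('>'), removed ('<') or altered
# entries (an altered file shows as one '<' and one '>' line) and returns 1.
verify_manifest() {
    baseline="$1"; shift
    current=$(mktemp)
    build_manifest "$@" > "$current"
    if cmp -s "$baseline" "$current"; then
        rm -f "$current"
        return 0
    fi
    echo "INTEGRITY MISMATCH against $baseline:"
    diff "$baseline" "$current" | grep '^[<>]' || true
    rm -f "$current"
    return 1
}

# Typical use (not executed here):
#   build_manifest /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc > approved.txt
#   verify_manifest approved.txt /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc
```

The approved manifest file is the artefact that would be clear-signed (for example with gpg --clearsign) so that the BEI compares only the signature lines, as the quoted item asks; re-running the scan at hour zero and diffing it against that approved copy flags any binary or configuration file that was added, removed or altered. On a root partition mounted read-only, as fooler proposes, a mismatch can only come from a different image having been installed, which is exactly the case the printout is meant to expose.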

