I am forwarding this to the CenPEG people, for their file.  Thanks Fooler.

//PManalastas


--- On Fri, 7/17/09, fooler mail <[email protected]> wrote:

> From: fooler mail <[email protected]>
> Subject: Re: [plug] Code Review & SysAdmin of Election 2010 Computers
> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List" 
> <[email protected]>
> Date: Friday, July 17, 2009, 11:42 AM
> On Thu, Jul 16, 2009 at 11:26 PM, Pablo Manalastas <[email protected]> wrote:
> >
> > MY REACTIONS:
> >
> >
> > "After the customization of poll automation software" -- means the software already exists, so
> > why wait to finish customizing it (setting parameters) before getting the thing reviewed?  The
> > source code already exists, and will not be affected by customization, so why not review the
> > code now?
> 
> If their existing program is flexible enough, there is not so much customization in there. The criteria are based on the parameters that are going to be fed to both PCOS and CSS.
> 
> But COMELEC should start distributing the code of the PCOS, both the OS code and the application code, while waiting for the CSS code. The PCOS' OS must also be reviewed, especially its TCP/IP stack, for any backdoor access in case the machine is online from the start of voting.
> 
> 
> > If they are going to add new code, then that's a different story altogether. I'd like the following added to
> > the code:
> >
> > 1) During initialization (hour zero on election day), I'd like both PCOS and CCS computers to
> > print out filenames of all executables in /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin,
> > /usr/local/sbin, together with their SHA-256 checksums.  Also all configuration files in /etc and
> > their SHA-256 checksums.  These are needed to compare with the originals that have been
> > approved by source code review.
> 
> For the PCOS machine, we suggest to them to simplify their partitioning scheme, for example:
> 
> 1. /
> 2. /ER
> 3. /var
> 4. /tmp
> 
> All the binaries and configuration files must be in the root partition, and that partition must be mounted as read-only, executable and no writes. In that way there is no updating of any files on that partition, and we can easily make a hash starting from root, as the message digest program will compute all the files in there recursively...
> 
> For /ER, where the ER documents are stored, this partition must be mounted in *append* mode only: append mode where you can add files and append data to an existing file, but you cannot delete nor edit these existing files even if you are the root user...
> 
> For /var, where the system and other logs are stored, this partition must be mounted in *append* mode also, just like the /ER partition...
> 
> For /tmp: mounted as read/write but with no execution of any files in there...
> 
> > In particular, /etc/securetty must specify that the root user must never be allowed to log in from
> > remote. To make checking simple for the BEI on election day, this printout must be in
> > lexicographic order of filenames, and must be digitally clear-signed by Smartmatic so that the
> > BEI need only compare the signature part (two lines of text)
> 
> So far I cannot comment or contribute, as I need to know what their plan is about their network connectivity. Once I have a clear picture on this, then that's the time for me to suggest...
> 
> >
> > 2) The option to SSL-sign or GPG-sign should be put in the code, so that the teachers have a
> > choice of getting their public keys signed by a CA or signed by a peer.
> > The signing part should be during the end of the voting period, not at the beginning when there
> > is nothing to sign yet (this is the way the current version of the program looks to me).
> >
> > 3) Support for Java smartcards (with CPU) in the PCOS and CCS hardware (smartcard slot)
> > and a new program for signing, so that using Java smartcards for signing, the teachers' secret
> > keys never leave the card, and are never copied over to the computer.
> >
> > 4)  Others?
> 
> I took a look at the link to the technical details of the PCOS machine given by Xander Solis (thanks dude). Two graphics formats are supported, BMP and TIFF. COMELEC is going to use the TIFF format. There is a well known vulnerability in TIFF, which can be seen from the link below in the exploit section...
> 
> http://en.wikipedia.org/wiki/Tagged_Image_File_Format
> 
> We need to code review not only the application program but also its API or libraries. What the cheater needs is to steal one private key and sign their specially crafted ER, where it can execute their arbitrary cheat codes secretly. In this regard, a clean CSS code here is helpless for an honest election..
> 
> Furthermore, they need to replace their PCOS' GPRS (2G) modem with an HSDPA (3.5G) modem, as this modem has backward compatibility and fallback with GPRS, EDGE and GSM networks...
> 
> Please contribute, guys, if you have better ideas aside from what is currently discussed here.. thanks..
> 
> fooler.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
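The hour-zero integrity printout discussed in the thread (Pablo's sorted SHA-256 list of executables and /etc, and fooler's single hash over a read-only root partition), as an added shell example that is not code from the thread, from Smartmatic or from COMELEC; it assumes Linux with coreutils (sha256sum, find, sort, diff), and the directory list is whatever the caller passes in.

```shell
#!/bin/sh
# Added example, not from the thread: build, fingerprint and verify the
# hour-zero manifest of binaries and configuration files.
# build_manifest produces the sorted "SHA-256  path" list (the text that
# would then be clear-signed), tree_digest folds a whole partition into one
# digest, verify_manifest diffs the live system against the approved copy.
# Assumes Linux coreutils; directories are supplied by the caller.

# build_manifest DIR... : "hash  path" for every regular file below DIR...,
# sorted bytewise by path so two printouts from identical systems are
# byte-for-byte identical (LC_ALL=C avoids locale-dependent collation).
build_manifest() {
    find "$@" -type f -print 2>/dev/null | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done
}

# tree_digest DIR... : a single SHA-256 over the sorted manifest, i.e. one
# short fingerprint for an entire read-only partition, comparable by eye
# against the value published with the reviewed image.
tree_digest() {
    build_manifest "$@" | sha256sum | cut -d' ' -f1
}

# verify_manifest APPROVED DIR... : recompute the manifest for DIR... and
# diff it against the approved (reviewed and signed) copy. Any changed,
# added or removed file appears as a diff line; returns 0 only when the
# live system matches the approved manifest exactly.
verify_manifest() {
    approved=$1; shift
    current=$(mktemp) || return 2
    build_manifest "$@" > "$current"
    if diff -u "$approved" "$current"; then rc=0; else rc=1; fi
    rm -f "$current"
    return $rc
}

# Stand-alone use with the directories named in the thread (keep approved.txt
# outside the scanned directories):
#   build_manifest /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc > approved.txt
#   verify_manifest approved.txt /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc
```

Because the manifest is sorted and deterministic, the signed copy from the code review and the election-day printout differ only where a file actually changed, which is what lets the BEI compare just the signature or the single tree digest.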
