Re: NetworkManager time sync
On Mon, 2010-07-05 at 08:41 -0300, Esteban Bordon wrote: You have to put a script calling ntpdate in /etc/NetworkManager/dispatcher.d/ You can also get the NTP server that may be passed down from DHCP in the environment of the script on 'up' events. See 'man NetworkManager'. That's of course useless if you can't trust DHCP, but might be helpful. Dan regards, Esteban. 2010/7/3 Bernie Innocenti ber...@codewiz.org Dan, we don't have any way to synchronize the clock on the XO... I'd rather avoid running ntp all the time as it wastes 2MB of RSS. Does NetworkManager provide a service to automatically call ntpdate when the interface goes up? -- // Bernie Innocenti - http://codewiz.org/ \X/ Sugar Labs - http://sugarlabs.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
El Wed, 07-07-2010 a las 12:20 -0400, Martin Langhoff escribió: Apparently the ntp protocol supports some server-signing of the messages -- we could use an OATS key for that. But it looks rickety. Authenticated NTP sounds like a good solution. NTP4 supports public key cryptography based on SSL certificates. We don't have to reuse the OATS keys for authentication and we also don't have to use the same server for OATS and NTP. Any trusted public ntp server should be fine. Maybe also the school servers. So, how about setting up a public ntp server and publishing the keys? I've already been running two public servers for one year or so: time1.sugarlabs.org time2.sugarlabs.org These are registered with ntp.org. I could generate keys and use them with py builds. Anyone else would be welcome to use our servers, of course. Alternatively, we could simply distribute ntp keys to our xs with puppet. However, this would stop working once the kids leave the school system. In case we opt for using public ntp servers with no authentication, I've also registered olpc.ntp.org (as recommended by someone in this thread). -- // Bernie Innocenti - http://codewiz.org/ \X/ Sugar Labs - http://sugarlabs.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On Mon, Jul 5, 2010 at 11:52 PM, Daniel Drake d...@laptop.org wrote: While we have your attention on this topic... Do you not think that this is a security issue? In that a thief could put a laptop on a network with rigged DNS and have control over the time/date on the laptop? We *really* have to get OFW clock checks working -- then this disappears as an issue. I really want to be able to use ntp (at least ntpdate on NM successful connect). The OATS clock sync is very rough -- on purpose. Apparently the ntp protocol supports some server-signing of the messages -- we could use an OATS key for that. But it looks rickety. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On Wed, Jul 7, 2010 at 12:20 PM, Martin Langhoff martin.langh...@gmail.com wrote: On Mon, Jul 5, 2010 at 11:52 PM, Daniel Drake d...@laptop.org wrote: While we have your attention on this topic... Do you not think that this is a security issue? In that a thief could put a laptop on a network with rigged DNS and have control over the time/date on the laptop? We *really* have to get OFW clock checks working -- then this disappears as an issue. I really want to be able to use ntp (at least ntpdate on NM successful connect). The OATS clock sync is very rough -- on purpose. I believe my proposal was to use OFW protected execution to replace trust the RTC clock -- which is pretty daft, even if theoretically vserver would let you isolate that priviledge domain -- with having OFW keep a monotonically increasing counter of CPU time (not real time). Theft-deterrence leases would be then good for a certain amount of CPU time, and you can screw with your RTC all you like. (CPU time is also guaranteed to increase by some amount on every boot, so the lease also roughly limits number of boots.) I think wad said he managed to squeeze the hardware to enable this into the latest generation, but I don't know if the support was ever fully integrated. It's mostly a OFW/EC hack, since all the privileged code is removed from the OS in this case. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Anti-theft vs RTC (Was Re: NetworkManager time sync)
On Tue, Jul 6, 2010 at 2:32 PM, Hal Murray hmur...@megapathdsl.net wrote: It's probably possible to make the anti-theft stuff significantly more robust in this area. I think it would be a lot of work. Yes. Much more work than mere conversation. Are you planning to hack on this? Moving a good chunk of olpc-update-query logic into the initramfs could be something to start. m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Anti-theft vs RTC (Was Re: NetworkManager time sync)
csc...@laptop.org said: While we have your attention on this topic... Do you not think that this is a security issue? In that a thief could put a laptop on a network with rigged DNS and have control over the time/date on the laptop? A sane security system would let the user control their local time, without jeopardizing security based on server (or firmware) time. That's hard to do if the user is root. I'm far from a wizard on this area, but I think the key idea is that there is only one RTC and there isn't any reasonable way for the firmware to hide it from the OS. So if you let the user become root, they can set the RTC back and keep using an old lease as long as they can hide from the anti-theft server at boot time. I think a thief could do useful work on a stolen XO as long as they are willing to run with the clock set incorrectly (to bypass the firmware boot-time checks) and they are smart enough to disable any non-firmware security checks. They would have to avoid booting near an anti-theft (school) server and/or hide behind a firewall that would filter it out. Is there a good high level description of how the current anti-theft works? I've found these: http://wiki.laptop.org/go/Antitheft_HowTo http://wiki.laptop.org/go/XS-activation http://wiki.laptop.org/go/OLPC_Bitfrost The first two are full of commands to type to use the current anti-theft setup, but there isn't much discussion of the big picture. The Bitfrost doc was last edited in Feb 2007. I haven't found a discussion of the set-the-clock-back case. The Bitfrost doc describes an anti-theft daemon running on the XO at: http://wiki.laptop.org/go/OLPC_Bitfrost#P_THEFT:_anti-theft_protection It also expects file protection for the critical parts of the OS as described here: http://wiki.laptop.org/go/OLPC_Bitfrost#P_SF_CORE Has that been implemented? If so, how, and where do I find more info? I don't remember any discussion of that topic. There is also discussion of maintaining a per program view of the RTC at: http://wiki.laptop.org/go/OLPC_Bitfrost#P_RTC:_real_time_clock_protection I don't think that's been implemented either. It's probably possible to make the anti-theft stuff significantly more robust in this area. I think it would be a lot of work. The two chunks of Bitfrost above would be a good start. I'm not sure they are sufficient and/or there may be simpler ways. Security is hard. -- These are my opinions, not necessarily my employer's. I hate spam. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
You have to put a script calling ntpdate in /etc/NetworkManager/dispatcher.d/ regards, Esteban. 2010/7/3 Bernie Innocenti ber...@codewiz.org Dan, we don't have any way to synchronize the clock on the XO... I'd rather avoid running ntp all the time as it wastes 2MB of RSS. Does NetworkManager provide a service to automatically call ntpdate when the interface goes up? -- // Bernie Innocenti - http://codewiz.org/ \X/ Sugar Labs - http://sugarlabs.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On Mon, 2010-07-05 at 10:33 +0200, Tomeu Vizoso wrote: You mean a script placed in /etc/NetworkManager/dispatcher.d/ ? Yes, and then invoke hwclock --systohc. I was just hoping to find something already written, tested and packaged nicely so we could use it both on the XO and SoaS. -- // Bernie Innocenti - http://codewiz.org/ \X/ Sugar Labs - http://sugarlabs.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On 07/04/2010 12:59 AM, Bernie Innocenti wrote: Dan, we don't have any way to synchronize the clock on the XO... I'd rather avoid running ntp all the time as it wastes 2MB of RSS. Does NetworkManager provide a service to automatically call ntpdate when the interface goes up? You mean a script placed in /etc/NetworkManager/dispatcher.d/ ? Regards, Tomeu ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On Mon, Jul 5, 2010 at 9:03 AM, Bernie Innocenti ber...@codewiz.org wrote: On Mon, 2010-07-05 at 10:33 +0200, Tomeu Vizoso wrote: You mean a script placed in /etc/NetworkManager/dispatcher.d/ ? Yes, and then invoke hwclock --systohc. I was just hoping to find something already written, tested and packaged nicely so we could use it both on the XO and SoaS. I wrote that script when I was at OLPC. It should still be packaged somewhere. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On Mon, 2010-07-05 at 20:30 -0400, C. Scott Ananian wrote: I wrote that script when I was at OLPC. It should still be packaged somewhere. I see olpc-update-ifup in my builds, but nothing related to ntpdate. Do you remember if it was part of olpc-utils or olpc-update? -- // Bernie Innocenti - http://codewiz.org/ \X/ Sugar Labs - http://sugarlabs.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On Mon, Jul 5, 2010 at 8:33 PM, Bernie Innocenti ber...@codewiz.org wrote: On Mon, 2010-07-05 at 20:30 -0400, C. Scott Ananian wrote: I wrote that script when I was at OLPC. It should still be packaged somewhere. I see olpc-update-ifup in my builds, but nothing related to ntpdate. Do you remember if it was part of olpc-utils or olpc-update? Maybe someone's got a copy of build 653 lying around and they can run rpm -q for us. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On 5 July 2010 21:44, C. Scott Ananian csc...@laptop.org wrote: Maybe someone's got a copy of build 653 lying around and they can run rpm -q for us. While we have your attention on this topic... Do you not think that this is a security issue? In that a thief could put a laptop on a network with rigged DNS and have control over the time/date on the laptop? It does seem like that we have (unintentionally?) dropped this functionality from recent builds, but it seems like we could even call it intentional: this functionality weakens the security system, and in recent builds we now have a secure way of updating the time: the olpc-update-query OAT client now synchronizes the time from the OAT server, and this communication is covered by the usual key-based security mechanisms. Daniel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: NetworkManager time sync
On Mon, Jul 5, 2010 at 11:52 PM, Daniel Drake d...@laptop.org wrote: On 5 July 2010 21:44, C. Scott Ananian csc...@laptop.org wrote: Maybe someone's got a copy of build 653 lying around and they can run rpm -q for us. While we have your attention on this topic... Do you not think that this is a security issue? In that a thief could put a laptop on a network with rigged DNS and have control over the time/date on the laptop? A sane security system would let the user control their local time, without jeopardizing security based on server (or firmware) time. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
NetworkManager time sync
Dan, we don't have any way to synchronize the clock on the XO... I'd rather avoid running ntp all the time as it wastes 2MB of RSS. Does NetworkManager provide a service to automatically call ntpdate when the interface goes up? -- // Bernie Innocenti - http://codewiz.org/ \X/ Sugar Labs - http://sugarlabs.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
