olpc-security

2010-02-17 Thread Esteban Arias
Hi, what is the use of the file /etc/olpc-security? ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel

Re: olpc-security

2010-02-17 Thread Bert Freudenberg
On 17.02.2010, at 14:58, Esteban Arias wrote: Hi, what is the use of the file /etc/olpc-security? When /etc/olpc-security exists, Sugar uses Rainbow to isolate activity instances from each other. This is one of the XO's security features. See http://wiki.laptop.org/go/Rainbow - Bert

Re: [OLPC Security] permissions for setting scheduler policy

2008-08-14 Thread Jim Gettys
A typical solution is, when you are about to start the process, invoke a different (very small, so it can be audited) process that can set what you need as root, and then drop the privileges before execing the real image that does the work. But Michael may have something else in mind for Rainbow.

Re: [OLPC Security] permissions for setting scheduler policy

2008-08-14 Thread Victor Lazzarini
Yes, I suppose that can be done, but it does look a little messy, and it would be nice to be able to write activities that can transparently do this, rather than as special cases. It does not need to be root. I can set permissions for user olpc and it works (provided that limits.conf is edited

Re: [OLPC Security] preliminary [PATCH] and discussion for #5657: activity isolation for all activities in ~/Activities

2008-08-01 Thread C. Scott Ananian
On Fri, Aug 1, 2008 at 5:01 PM, Jameson Chema Quinn [EMAIL PROTECTED] wrote: Problem: anything named Journal, Terminal, Log, or Analyze is not isolated. This is the biggest security hole we have right now: it is a trivial way for any activity to get root access. Another possible short-term

Re: [OLPC Security] preliminary [PATCH] and discussion for #5657: activity isolation for all activities in ~/Activities

2008-08-01 Thread Jameson Chema Quinn
On Fri, Aug 1, 2008 at 4:01 PM, C. Scott Ananian [EMAIL PROTECTED] wrote: On Fri, Aug 1, 2008 at 5:01 PM, Jameson Chema Quinn [EMAIL PROTECTED] wrote: Problem: anything named Journal, Terminal, Log, or Analyze is not isolated. This is the biggest security hole we have right now: it is a

Re: [OLPC Security] SuperUser permission for the Driver??

2008-06-26 Thread Jay Sulzberger
On Thu, 26 Jun 2008, Deepak Saxena wrote: On Jun 25 2008, at 14:01, Carl-Daniel Hailfinger was caught saying: On 25.06.2008 08:07, Michael Stone wrote: We have an activity that wants superuser privilege in order to poke kernel memory. Hello? Please take the poor activity out back and

Re: [OLPC Security] SuperUser permission for the Driver??

2008-06-26 Thread Jay Sulzberger
On Thu, 26 Jun 2008, Benjamin M. Schwartz wrote: Deepak Saxena wrote: | I agree with Paul that we need to have a solution to these | cases iff we want to support running arbitrary software and | hw combinations on the XO. The other option is

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-05 Thread Walter Bender
I would like to see the link for requesting a developer key made much more prominent in the library. I'd like to see the pathname to downloading the key itself much more prominent (and displayed in a larger point size) on the webpage returned after the request is granted. For those of us with

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-05 Thread Kim Quirk
The two issues that I am concerned about regarding the write protect flag with regards to G1G1: 1 - I thought requiring signed images was part of our bitfrost security. Doesn't it provide some protection from malicious images? Assuming we get to the point where upgrading is an easy click from the

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-05 Thread Frank Ch. Eigler
Kim Quirk [EMAIL PROTECTED] writes: [...] Finally, I agree with Scott, that the easiest thing we can do in the short term is to make the 'get a developer key' more prominent for those who want to find it. [...] Taking away the 24 hour delay between key request and response could help solve

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-05 Thread david
On Thu, 5 Jun 2008, Kim Quirk wrote: 1 - I thought requiring signed images was part of our bitfrost security. Doesn't it provide some protection from malicious images? Assuming we get to the point where upgrading is an easy click from the G1G1 machine, then we want to be sure that people

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-04 Thread Paul Fox
SJ wrote: I continue to be uncomfortable that we are sending out restricted / locked-down machines without a clear need. The arguments made so far for this are 1. Getting G1G1 people to test security steps 2. Protecting G1G1 donors from installing anything but signed builds 3.

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-04 Thread reynt0
On Tue, 3 Jun 2008, C. Scott Ananian wrote: . . . The original reason is that it allowed our G1G1 users to more fully exercise/test our secure boot paths, which are used in our deployment countries. This helps G1G1 users be more representative testers, and . . . I'm a G2G2. Among my

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-04 Thread C. Scott Ananian
On Wed, Jun 4, 2008 at 12:15 AM, Paul Fox [EMAIL PROTECTED] wrote: SJ wrote: I continue to be uncomfortable that we are sending out restricted / locked-down machines without a clear need. The arguments made so far for this are 1. Getting G1G1 people to test security steps 2.

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-04 Thread C. Scott Ananian
On Wed, Jun 4, 2008 at 9:20 PM, reynt0 [EMAIL PROTECTED] wrote: I also want to be able to examine the XO as thoroughly as possible from my own (USA, educated, experienced, and so on) perspective. In that regard, FWIW I found the various infos I later could find from olpc a bit unclear or even

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-03 Thread C. Scott Ananian
On Tue, Jun 3, 2008 at 12:07 PM, ffm [EMAIL PROTECTED] wrote: Why were G1G1 machines shipped with firmware, kernel, and reflash locks enabled? (see http://wiki.laptop.org/go/Developer_keys ) Theft is not a good reason, as they do not require activation leases. It only seems to be a bother

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-03 Thread C. Scott Ananian
On Tue, Jun 3, 2008 at 12:43 PM, Bert Freudenberg [EMAIL PROTECTED] wrote: On 03.06.2008, at 18:33, ffm wrote: On Tue, Jun 3, 2008 at 12:29 PM, C. Scott Ananian [EMAIL PROTECTED] wrote: Machines sent out via our developer program are always shipped out unsecured. Yet I've just received two

Re: [OLPC Security] Bitfrost and dual-boot

2008-06-03 Thread Carl-Daniel Hailfinger
On 30.05.2008 08:34, Albert Cahalan wrote: On Fri, May 30, 2008 at 1:15 AM, Edward Cherlin [EMAIL PROTECTED] wrote: On Thu, May 29, 2008 at 8:45 PM, Albert Cahalan [EMAIL PROTECTED] wrote: On Thu, May 29, 2008 at 5:07 PM, Edward Cherlin [EMAIL PROTECTED] wrote: Also, I think

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-03 Thread ffm
On Tue, Jun 3, 2008 at 12:29 PM, C. Scott Ananian [EMAIL PROTECTED] wrote: Machines sent out via our developer program are always shipped out unsecured. Yet I've just received two laptops via said program that had security enabled. -FFM

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-03 Thread Kim Quirk
Developer program laptops are shipped out as US/International keyboards, English language, AK flag set, which means they do NOT need activation. They are permanently activated in the manufacturing data. The only thing they need to be a developer unit is a developer key. One more reason to add to

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-03 Thread Samuel Klein
I continue to be uncomfortable that we are sending out restricted / locked-down machines without a clear need. The arguments made so far for this are 1. Getting G1G1 people to test security steps 2. Protecting G1G1 donors from installing anything but signed builds 3. Showing a pretty boot

Re: [OLPC Security] G1G1: Security, to enable or disable...

2008-06-03 Thread Michael Stone
Shipping G1G1 machines with NAND reflash locks enabled makes little sense to me. What good is protection against malicious reflash when any attacker who can perform a reflash has physical access to the device and has password-free root access in default configurations? Instead, the justification

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-31 Thread Bert Freudenberg
On 30.05.2008, at 19:38, C. Scott Ananian wrote: In any case, the best response is clear: continue to work on the Linux software stack and ensure that it is simply better than the Windows alternative. I've heard a lot of sturm und drang, but am saddened that I haven't seen much help from

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-30 Thread Bert Freudenberg
On 30.05.2008, at 07:33, [EMAIL PROTECTED] wrote: On Thu, 29 May 2008, C. Scott Ananian wrote: On Thu, May 29, 2008 at 6:03 PM, Michael Stone [EMAIL PROTECTED] wrote: On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote: On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-30 Thread C. Scott Ananian
On 5/30/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Thu, 29 May 2008, C. Scott Ananian wrote: And to elaborate: the idea is that untrusted code should not be running as the 'olpc' user: 'olpc' is a trusted account. Activities run/should be running as their own unique UUIDs, which are

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-30 Thread C. Scott Ananian
On 5/30/08, Albert Cahalan [EMAIL PROTECTED] wrote: I can't imagine that a contract would mention it. It does. The Windows-only trials are phase I, and the dual-boot phase II is explicitly spelled out, with transition criteria to move to phase II related to the completion of OFW2. We raised

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-29 Thread Michael Stone
On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote: On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote: In recent builds, any process running as user OLPC can execute code as uid 0 via the setuid-0 user-olpc-executable /usr/bin/sudo. A small correction: in recent

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-29 Thread C. Scott Ananian
On Thu, May 29, 2008 at 6:03 PM, Michael Stone [EMAIL PROTECTED] wrote: On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote: On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote: In recent builds, any process running as user OLPC can execute code as uid 0 via the

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-29 Thread Bobby Powers
On Fri, May 30, 2008 at 12:39 AM, C. Scott Ananian [EMAIL PROTECTED] wrote: On Thu, May 29, 2008 at 6:03 PM, Michael Stone [EMAIL PROTECTED] wrote: On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote: On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote: In recent

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-29 Thread Albert Cahalan
On Thu, May 29, 2008 at 7:31 PM, Bobby Powers [EMAIL PROTECTED] wrote: On Fri, May 30, 2008 at 12:39 AM, C. Scott Ananian [EMAIL PROTECTED] wrote: * Windows runs from an SD card, but there is not much space left on that SD card to store user files. User files are stored in NAND at the

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-29 Thread Carol Lerche
Microsoft either will or won't use the NAND for its own purposes. However a third option beyond the dual boot or engulf and devour choices so far described, for a deployment that is more school-centric and less oriented toward laptop autonomy than the OLPC vision, would be to use network file

Re: [OLPC Security] Bitfrost and dual-boot

2008-05-29 Thread david
On Thu, 29 May 2008, C. Scott Ananian wrote: On Thu, May 29, 2008 at 6:03 PM, Michael Stone [EMAIL PROTECTED] wrote: On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote: On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote: In recent builds, any process running as

Re: OLPC security project

2008-04-02 Thread Jeremy Flores
I think this might be a very interesting topic. I'm unsure as to what has or has not been investigated though... should I concentrate my analysis more on D-Bus, Telepathy, or how the presence service implements these and the logical paths the system takes to get to the service? If I should

OLPC security project

2008-03-28 Thread Jeremy Flores
Hi all, Does anyone know of any security-related projects that need to be worked on for OLPC? I am taking a computer and network security class, and I was thinking that Bitfrost would be an interesting topic for a final project we have. I poked around the wiki, but I couldn't find a security

Re: OLPC security project

2008-03-28 Thread Polychronis Ypodimatopoulos
Our presence algorithms should be evaluated in terms of security (impersonation, dos, mim, etc). A list of vulnerabilities should be analyzed and solutions should be proposed. More details will follow if interested. p. Jeremy Flores wrote: Hi all, Does anyone know of any security-related

Re: OLPC security project

2008-03-28 Thread Walter Bender
We just (in a somewhat terse manner) posted a status for the various Bitfrost components in the wiki (See http://wiki.laptop.org/go/Bitfrost#Current_Status). Perhaps you will find your inspiration there. -walter On Fri, Mar 28, 2008 at 10:37 AM, Polychronis Ypodimatopoulos [EMAIL PROTECTED]

RE: Subject: OLPC security project

2008-03-28 Thread Greg Smith (gregmsmi)
-- Message: 5 Date: Fri, 28 Mar 2008 10:27:07 -0400 From: Jeremy Flores [EMAIL PROTECTED] Subject: OLPC security project To: devel@lists.laptop.org Hi all, Does anyone know of any security

Re: [OLPC Security] [sugar] secure /tmp and /var/tmp

2007-11-08 Thread Jim Gettys
I sympathize with Albert's point here: we should be no more incompatible than we have to be... Just because we have to break some things, doesn't mean we have to break everything. - Jim On Thu, 2007-11-08 at 10:42 -0500, Albert Cahalan wrote: On 11/8/07, Ivan