Re: setup for XO development

2008-11-04 Thread Paolo
Michael Stone wrote:
> On Thu, Oct 30, 2008 at 02:55:00PM +0100, Paolo wrote:
>> Hello,
>>
>> I would like to try out the XO software and get started with doing some
>> development.
>>
>> As I am a security guy, I am mostly interested in core development,
>> especially bitfrost/rainbow, and the document store.
>
> Music to my ears!

Unfortunately, I was hit by a truckload of work just as I was getting
started. But I will try again in a few weeks, and get back to you when I
am at least familiar with some of the code.

> If you haven't already found them, please check out
>
>    http://wiki.laptop.org/go/Rainbow and
>    http://wiki.laptop.org/go/Security
>
> There are a bunch of 'TODOs' on those pages where your assistance would be
> most welcome, or if you prefer, you might suggest some topics that
> interest you.

Thanks, I did look around on those pages. I think rainbow is really
cool. I find it much less taxing on my braincells than a vserver based
approach.

ciao
Paolo Milani
___
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel


Re: setup for XO development

2008-11-02 Thread Marco Pesenti Gritti
On Fri, Oct 31, 2008 at 2:25 PM, Bobby Powers [EMAIL PROTECTED] wrote:
> Very interesting. You mentioned working to integrate rainbow with
> sugar-jhbuild. It seems like that should be using this native version.
> If we're not using the d-bus daemon, would we then have to start
> jhbuild with 'sudo'? Do you have any further pointers on what to look
> out for when trying to integrate it into jhbuild?

I think the idea is to make it trivial to install rainbow in the
system by providing deb and rpms of it. Then jhbuild can run using
rainbow.

Marco


Re: setup for XO development

2008-10-31 Thread Bobby Powers
On Fri, Oct 31, 2008 at 12:12 AM, Michael Stone [EMAIL PROTECTED] wrote:
> On Thu, Oct 30, 2008 at 04:35:30PM -0500, David Farning wrote:
>> On Thu, Oct 30, 2008 at 4:18 PM, Michael Stone [EMAIL PROTECTED] wrote:
>>> Actually, for a variety of reasons, I'm working quite hard to make
>>> rainbow usable on stock Linux machines like those represented by
>>> Debian and Fedora chroots.
>>
>> Michael,
>> Could you provide a high level comment on the feasibility of running rainbow
>> as a security mechanism on Sugar on Fedora or Debian machines without the
>> chroot?
>
> Feasible, but it would go faster with some help. (The chroots are just
> for convenience so I can test both platforms in a repeatable fashion on
> a single machine.)
>
> In more detail:
>
>   * I've got a new version of rainbow in the works which sits as an
>     exec-wrapper around any program you want to run. I've also got
>     tentative sugar patches for making sugar use this rainbow.
>
>   * When invoked, rainbow generates new credentials (e.g. uid, gid) if
>     necessary, assumes its new identity, sets any requested rlimits,
>     closes file descriptors, and hands over control to the program of your
>     choice.
>
>   * The user and group manipulation is accomplished by manipulating
>     some files in a spool directory at the location of your choice; a
>     separate glibc NSS module reads this information and returns it
>     through the standard libc APIs on demand.
>
>   * Human operators assume the authority necessary to perform this
>     operation by means of a setuid helper, e.g. sudo.
>
> This design makes it eminently feasible to port to any glibc-based Unix
> platform and, with a bit more care, to any POSIX platform on which we
> know how to make new users and groups and are permitted to assume their
> identity.
>
> Caveats:
>
>    a) the implementation is not yet capable of isolating multiple human
>    operators from one another, though I expect to implement this
>    functionality in the not-too-distant future.
>
>    b) the implementation provides nothing more and nothing less than the
>    isolation provided by running programs under fresh uids and gids. Many
>    sorts of mischief are still possible, particularly on systems which
>    set lax default permissions on user home directories (e.g. Debian).
>
>    c) the implementation is quite new and is hence highly likely to
>    contain bugs, unstable APIs, etc.
>
>    d) rainbow is still written in fairly naive Python and it pays the
>    usual speed and memory price for this convenience. (It also uses at
>    least one naive algorithm when selecting new credentials.)
>
>    e) I have removed support for the rainbow dbus daemon since it was
>    needlessly complicating my life. It remains to be seen whether
>    activities' startup procedures can be sped up enough to sustain this
>    change.
>
> For these reasons, the new implementation is still far from 'production
> quality'; however, that's no reason not to start trying it out. (Code is
> available in the 'integration' branch in the users/mstone/security and
> users/mstone/nss-rainbow repos on dev.laptop.org.)

Very interesting. You mentioned working to integrate rainbow with
sugar-jhbuild. It seems like that should be using this native version.
If we're not using the d-bus daemon, would we then have to start
jhbuild with 'sudo'? Do you have any further pointers on what to look
out for when trying to integrate it into jhbuild?

yours,
Bobby


setup for XO development

2008-10-30 Thread Paolo
Hello,

I would like to try out the XO software and get started with doing some
development.

As I am a security guy, I am mostly interested in core development,
especially bitfrost/rainbow, and the document store. I expect an
emulated environment would be a good choice for this type of development.

I followed instructions on the wiki and tried to set up virtualbox 
(because it's what I already use, I have no problems switching to
kvm/qemu if needed, although unfortunately the 2 will not run side by
side on the same system).

The image I am using is the official build 767:
 xo-1-olpc-stream-8.2-build-767-20081001_1633-devel_ext3.img.bz2
on an amd64 ubuntu hardy, with latest non-free virtualbox (2.0.4).
 
..but I ran into the 3dnow problem that other people have complained
about already. When booting, I get the following message:

This kernel requires the following features not present on the CPU:
3dnow
Unable to boot - please use a kernel appropriate for your CPU.

Should I try kvm/qemu to solve this problem? Or are there other olpc
images I should be using?

Or should I try running it natively? I would rather not have to dual-boot...

Or, finally, should I rebuild myself an image from scratch, with a
non-3dnow kernel?

I'm not afraid to try any of these options but I'd rather not have to
try them all before I get anything working, which is why I am asking for
help  ;-) 

thanks,
Paolo Milani



Re: setup for XO development

2008-10-30 Thread Michael Stone
On Thu, Oct 30, 2008 at 02:55:00PM +0100, Paolo wrote:
> Hello,
>
> I would like to try out the XO software and get started with doing some
> development.
>
> As I am a security guy, I am mostly interested in core development,
> especially bitfrost/rainbow, and the document store.

Music to my ears!

If you haven't already found them, please check out

   http://wiki.laptop.org/go/Rainbow and
   http://wiki.laptop.org/go/Security

There are a bunch of 'TODOs' on those pages where your assistance would be
most welcome, or if you prefer, you might suggest some topics that
interest you.

> I expect an emulated environment would be a good choice for this type
> of development.

Actually, for a variety of reasons, I'm working quite hard to make
rainbow usable on stock Linux machines like those represented by
Debian and Fedora chroots.

Therefore, if you can show me interesting rainbow patches that work in
those environments, I'm quite likely to take them.

Regards,

Michael

P.S. - One long-standing request which might interest you is to
integrate rainbow into the sugar-jhbuild system used by many sugar
developers so that they conduct their regular development in an
environment more similar to that found on-XO. A nice side-benefit of
this task is that you would become well-equipped to participate in
further sugar-related and tinderbox-related development in the natural
course of fulfilling the task.

P.P.S. - What are you thinking about document storage?


Re: setup for XO development

2008-10-30 Thread David Farning
On Thu, Oct 30, 2008 at 4:18 PM, Michael Stone [EMAIL PROTECTED] wrote:

> On Thu, Oct 30, 2008 at 02:55:00PM +0100, Paolo wrote:
>> Hello,
>>
>> I would like to try out the XO software and get started with doing some
>> development.
>>
>> As I am a security guy, I am mostly interested in core development,
>> especially bitfrost/rainbow, and the document store.
>
> Music to my ears!
>
> If you haven't already found them, please check out
>
>    http://wiki.laptop.org/go/Rainbow and
>    http://wiki.laptop.org/go/Security
>
> There are a bunch of 'TODOs' on those pages where your assistance would be
> most welcome, or if you prefer, you might suggest some topics that
> interest you.
>
>> I expect an emulated environment would be a good choice for this type
>> of development.
>
> Actually, for a variety of reasons, I'm working quite hard to make
> rainbow usable on stock Linux machines like those represented by
> Debian and Fedora chroots.

Michael,
Could you provide a high level comment on the feasibility of running rainbow
as a security mechanism on Sugar on Fedora or Debian machines without the
chroot?

thanks
david

> Therefore, if you can show me interesting rainbow patches that work in
> those environments, I'm quite likely to take them.
>
> Regards,
>
> Michael
>
> P.S. - One long-standing request which might interest you is to
> integrate rainbow into the sugar-jhbuild system used by many sugar
> developers so that they conduct their regular development in an
> environment more similar to that found on-XO. A nice side-benefit of
> this task is that you would become well-equipped to participate in
> further sugar-related and tinderbox-related development in the natural
> course of fulfilling the task.
>
> P.P.S. - What are you thinking about document storage?


Re: setup for XO development

2008-10-30 Thread Michael Stone
On Thu, Oct 30, 2008 at 04:35:30PM -0500, David Farning wrote:
> On Thu, Oct 30, 2008 at 4:18 PM, Michael Stone [EMAIL PROTECTED] wrote:
>> Actually, for a variety of reasons, I'm working quite hard to make
>> rainbow usable on stock Linux machines like those represented by
>> Debian and Fedora chroots.
>
> Michael,
> Could you provide a high level comment on the feasibility of running rainbow
> as a security mechanism on Sugar on Fedora or Debian machines without the
> chroot?

Feasible, but it would go faster with some help. (The chroots are just
for convenience so I can test both platforms in a repeatable fashion on
a single machine.)

In more detail:

  * I've got a new version of rainbow in the works which sits as an
    exec-wrapper around any program you want to run. I've also got
    tentative sugar patches for making sugar use this rainbow.

  * When invoked, rainbow generates new credentials (e.g. uid, gid) if
    necessary, assumes its new identity, sets any requested rlimits,
    closes file descriptors, and hands over control to the program of your
    choice.

  * The user and group manipulation is accomplished by manipulating
    some files in a spool directory at the location of your choice; a
    separate glibc NSS module reads this information and returns it
    through the standard libc APIs on demand.

  * Human operators assume the authority necessary to perform this
    operation by means of a setuid helper, e.g. sudo.

This design makes it eminently feasible to port to any glibc-based Unix
platform and, with a bit more care, to any POSIX platform on which we
know how to make new users and groups and are permitted to assume their
identity.

Caveats:

   a) the implementation is not yet capable of isolating multiple human
   operators from one another, though I expect to implement this
   functionality in the not-too-distant future.

   b) the implementation provides nothing more and nothing less than the
   isolation provided by running programs under fresh uids and gids. Many
   sorts of mischief are still possible, particularly on systems which
   set lax default permissions on user home directories (e.g. Debian).

   c) the implementation is quite new and is hence highly likely to
   contain bugs, unstable APIs, etc.

   d) rainbow is still written in fairly naive Python and it pays the
   usual speed and memory price for this convenience. (It also uses at
   least one naive algorithm when selecting new credentials.)

   e) I have removed support for the rainbow dbus daemon since it was
   needlessly complicating my life. It remains to be seen whether
   activities' startup procedures can be sped up enough to sustain this
   change.

For these reasons, the new implementation is still far from 'production
quality'; however, that's no reason not to start trying it out. (Code is
available in the 'integration' branch in the users/mstone/security and
users/mstone/nss-rainbow repos on dev.laptop.org.)

Regards,

Michael
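
The wrapper sequence listed in the message above (new identity, rlimits, closing file descriptors, exec), written out as an added example; it is not rainbow's code. The name `run_wrapped`, the exit status 126 and the caller-supplied uid/gid are assumptions, and allocating fresh credentials through the spool directory is left out.

```python
import os
import resource

FAIL_CLOSED = 126  # assumed exit status: a step failed, the target never ran


def run_wrapped(argv, uid=None, gid=None, rlimits=None):
    """Fork, apply the wrapper steps in the child, then exec argv.

    Returns (exit_status, stdout_bytes). uid and gid are chosen by the
    caller; with uid=None the identity change is skipped.
    """
    out_r, out_w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: becomes the wrapped program
        try:
            os.dup2(out_w, 1)
            # Remember the fd ceiling before an rlimit can lower it.
            max_fd = resource.getrlimit(resource.RLIMIT_NOFILE)[0]
            for res, limit in (rlimits or {}).items():
                resource.setrlimit(res, (limit, limit))
            if uid is not None:
                os.setgroups([])  # supplementary groups first
                os.setgid(gid)    # gid before uid: setgid needs privilege
                os.setuid(uid)    # as root: real, effective and saved uid
                now = (os.getuid(), os.geteuid(), os.getgid(), os.getegid())
                if now != (uid, uid, gid, gid):
                    raise PermissionError("identity change incomplete")
            os.closerange(3, max_fd)  # keep only stdin, stdout, stderr
            os.execvp(argv[0], argv)
        except BaseException:
            pass  # any failure falls through to the fail-closed exit
        os._exit(FAIL_CLOSED)
    os.close(out_w)
    chunks = []
    while True:
        data = os.read(out_r, 4096)
        if not data:
            break
        chunks.append(data)
    os.close(out_r)
    _, status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1
    return code, b"".join(chunks)


if __name__ == "__main__":
    print(run_wrapped(["id"], rlimits={resource.RLIMIT_NOFILE: 64}))
```

Without privilege the identity change fails at `setgroups` and the target is never executed, which is why a human operator needs a helper such as sudo to start it.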
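
Caveat (b) above can be checked on a given machine by listing what the "other" permission bits alone grant, since those are the only bits that apply to a process running under a fresh uid and gid. This is an added example, not part of the original message or of rainbow; the function names, the constructed directory tree and the reading of "lax" as mode 0755 are assumptions.

```python
import os
import stat
import tempfile


def exposed_to_fresh_uid(root):
    """Map paths under root to the access ('r', 'w', 'rw', 'names') that a
    process which is neither owner nor group member gets. Assumes the
    directories above root are themselves searchable by others."""
    findings = {}

    def visit(path, rel):
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            return  # a link's target is judged where it actually lives
        access = ("r" if mode & stat.S_IROTH else "") + \
                 ("w" if mode & stat.S_IWOTH else "")
        if stat.S_ISDIR(mode):
            if not mode & stat.S_IXOTH:
                # No search bit: nothing below is reachable, names at most.
                if mode & stat.S_IROTH:
                    findings[rel or "."] = "names"
                return
            if access:
                findings[rel or "."] = access
            for name in sorted(os.listdir(path)):
                visit(os.path.join(path, name), os.path.join(rel, name))
        elif access:
            findings[rel] = access

    visit(root, "")
    return findings


def demo():
    """Audit a constructed home directory as 0755, then again as 0700."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home")
        os.makedirs(os.path.join(home, "private"))
        files = (("notes.txt", 0o644), ("draft.txt", 0o600),
                 (os.path.join("private", "key"), 0o644))
        for rel, mode in files:
            with open(os.path.join(home, rel), "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(os.path.join(home, rel), mode)
        os.chmod(os.path.join(home, "private"), 0o700)
        os.chmod(home, 0o755)
        lax = exposed_to_fresh_uid(home)
        os.chmod(home, 0o700)
        strict = exposed_to_fresh_uid(home)
    return lax, strict
```

The world-readable `private/key` never shows up because its parent directory is not searchable by others, and with the home directory itself at 0700 nothing inside is reachable regardless of the individual file modes.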