Re: setup for XO development

2008-11-04 Thread Paolo
Michael Stone wrote:
> On Thu, Oct 30, 2008 at 02:55:00PM +0100, Paolo wrote:
>> Hello,
>>
>> I would like to try out the XO software and get started with doing some
>> development.
>>
>> As I am a security guy, I am mostly interested in core development,
>> especially bitfrost/rainbow, and the document store. 
>
> Music to my ears!
Unfortunately, I was hit by a truckload of work just as I was getting
started. But I will try again in a few weeks, and get back to you when I
am at least familiar with some of the code.

> If you haven't already found them, please check out
>
>   http://wiki.laptop.org/go/Rainbow and
>   http://wiki.laptop.org/go/Security
>
> There are a bunch of 'TODOs' on those pages where your assistance would be
> most welcome, or if you prefer, you might suggest some topics that
> interest you.
Thanks, I did look around on those pages. I think rainbow is really
cool. I find it much less taxing on my braincells than a vserver-based
approach.

ciao
Paolo Milani
___
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel


Re: setup for XO development

2008-11-02 Thread Marco Pesenti Gritti
On Fri, Oct 31, 2008 at 2:25 PM, Bobby Powers <[EMAIL PROTECTED]> wrote:
> Very interesting. You mentioned working to integrate rainbow with
> sugar-jhbuild. It seems like that should be using this native version.
>  If we're not using the d-bus daemon, would we then have to start
> jhbuild with 'sudo'?  Do you have any further pointers on what to look
> out for when trying to integrate it into jhbuild?

I think the idea is to make it trivial to install rainbow in the
system by providing deb and rpms of it. Then jhbuild can run using
rainbow.

Marco


Re: setup for XO development

2008-10-31 Thread Bobby Powers
On Fri, Oct 31, 2008 at 12:12 AM, Michael Stone <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 30, 2008 at 04:35:30PM -0500, David Farning wrote:
>>On Thu, Oct 30, 2008 at 4:18 PM, Michael Stone <[EMAIL PROTECTED]> wrote:
>>> Actually, for a variety of reasons, I'm working quite hard to make
>>> rainbow usable on stock linux machines like those represented by
>>> Debian and Fedora chroots.
>>>
>>
>>Michael,
>>Could you provide a high level comment on the feasibility of running rainbow
>>as a security mechanism on Sugar on Fedora or Debian machines without the
>>chroot?
>
> Feasible, but it would go faster with some help. (The chroots are just
> for convenience so I can test both platforms in a repeatable fashion on
> a single machine.)
>
> In more detail:
>
>   * I've got a new version of rainbow in the works which sits as an
>     exec-wrapper around any program you want to run. I've also got
>     tentative sugar patches for making sugar use this rainbow.
>
>   * When invoked, rainbow generates new credentials (e.g. uid, gid) if
>     necessary, assumes its new identity, sets any requested rlimits,
>     closes file descriptors, and hands over control to the program of your
>     choice.
>
>   * The user and group manipulation is accomplished by manipulating
>     some files in a spool directory at the location of your choice; a
>     separate glibc NSS module reads this information and returns it
>     through the standard libc APIs on demand.
>
>   * Human operators assume the authority necessary to perform this
>     operation by means of a setuid helper, e.g. sudo.
>
> This design makes it eminently feasible to port to any glibc-based Unix
> platform and, with a bit more care, to any POSIX platform on which we
> know how to make new users and groups and are permitted to assume their
> identity.
>
> Caveats:
>
>   a) the implementation is not yet capable of isolating multiple human
>   operators from one another, though I expect to implement this
>   functionality in the not-too-distant future.
>
>   b) the implementation provides nothing more and nothing less than the
>   isolation provided by running programs under fresh uids and gids. Many
>   sorts of mischief are still possible, particularly on systems which
>   set lax default permissions on user home directories (e.g. Debian).
>
>   c) the implementation is quite new and is hence highly likely to
>   contain bugs, unstable APIs, etc.
>
>   d) rainbow is still written in fairly naive python and it pays the
>   usual speed and memory price for this convenience. (It also uses at
>   least one naive algorithm when selecting new credentials.)
>
>   e) I have removed support for the rainbow dbus daemon since it was
>   needlessly complicating my life. It remains to be seen whether
>   activities' startup procedures can be sped up enough to sustain this
>   change.
>
> For these reasons, the new implementation is still far from 'production
> quality'; however, that's no reason not to start trying it out. (Code is
> available in the 'integration' branch in the users/mstone/security and
> users/mstone/nss-rainbow repos on dev.laptop.org.)

Very interesting. You mentioned working to integrate rainbow with
sugar-jhbuild. It seems like that should be using this native version.
  If we're not using the d-bus daemon, would we then have to start
jhbuild with 'sudo'?  Do you have any further pointers on what to look
out for when trying to integrate it into jhbuild?

yours,
Bobby


Re: setup for XO development

2008-10-30 Thread Michael Stone
On Thu, Oct 30, 2008 at 04:35:30PM -0500, David Farning wrote:
>On Thu, Oct 30, 2008 at 4:18 PM, Michael Stone <[EMAIL PROTECTED]> wrote:
>> Actually, for a variety of reasons, I'm working quite hard to make
>> rainbow usable on stock linux machines like those represented by
>> Debian and Fedora chroots.
>>
>
>Michael,
>Could you provide a high level comment on the feasibility of running rainbow
>as a security mechanism on Sugar on Fedora or Debian machines without the
>chroot?

Feasible, but it would go faster with some help. (The chroots are just
for convenience so I can test both platforms in a repeatable fashion on
a single machine.)

In more detail: 

  * I've got a new version of rainbow in the works which sits as an
    exec-wrapper around any program you want to run. I've also got
    tentative sugar patches for making sugar use this rainbow.

  * When invoked, rainbow generates new credentials (e.g. uid, gid) if
    necessary, assumes its new identity, sets any requested rlimits,
    closes file descriptors, and hands over control to the program of your
    choice.

  * The user and group manipulation is accomplished by manipulating
    some files in a spool directory at the location of your choice; a
    separate glibc NSS module reads this information and returns it
    through the standard libc APIs on demand.

  * Human operators assume the authority necessary to perform this
    operation by means of a setuid helper, e.g. sudo.

This design makes it eminently feasible to port to any glibc-based Unix
platform and, with a bit more care, to any POSIX platform on which we
know how to make new users and groups and are permitted to assume their
identity.

Caveats: 

   a) the implementation is not yet capable of isolating multiple human
   operators from one another, though I expect to implement this
   functionality in the not-too-distant future.

   b) the implementation provides nothing more and nothing less than the
   isolation provided by running programs under fresh uids and gids. Many
   sorts of mischief are still possible, particularly on systems which
   set lax default permissions on user home directories (e.g. Debian).

   c) the implementation is quite new and is hence highly likely to
   contain bugs, unstable APIs, etc.

   d) rainbow is still written in fairly naive python and it pays the
   usual speed and memory price for this convenience. (It also uses at
   least one naive algorithm when selecting new credentials.)

   e) I have removed support for the rainbow dbus daemon since it was
   needlessly complicating my life. It remains to be seen whether
   activities' startup procedures can be sped up enough to sustain this
   change.

For these reasons, the new implementation is still far from 'production
quality'; however, that's no reason not to start trying it out. (Code is
available in the 'integration' branch in the users/mstone/security and
users/mstone/nss-rainbow repos on dev.laptop.org.)

Regards,

Michael
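The exec-wrapper design Michael describes above (fresh uid/gid drawn from a spool directory, privilege drop, rlimits, closed descriptors, then exec), as an added illustration that is not rainbow's code and did not appear in this thread. Everything in it is an assumption of mine: the spool layout (a passwd-style `passwd` file plus a `lock` file), the uid range, the rlimit name mapping, the function names `allocate_identity`, `build_rlimits`, `is_private` and `run_isolated`, and the root check that stands in for the setuid helper. `is_private` is there for caveat (b): a fresh uid only isolates a program if the directories it can reach are not group- or world-accessible. Only the credential allocation, rlimit planning and permission check run unprivileged; `run_isolated` refuses to proceed without root.

```python
import fcntl
import os
import resource
import stat
import subprocess
import tempfile

# Assumed uid/gid range reserved for sandbox identities (not from the thread).
UID_RANGE = (10000, 19999)

# Human-readable limit names mapped onto RLIMIT_* constants (assumed names).
RLIMITS = {
    "nofile": resource.RLIMIT_NOFILE,
    "nproc": resource.RLIMIT_NPROC,
    "as": resource.RLIMIT_AS,
    "cpu": resource.RLIMIT_CPU,
}


def allocate_identity(spool_dir, name):
    """Return (uid, gid) for `name`, allocating the lowest free pair under an
    exclusive lock and appending a passwd-style record to spool_dir/passwd.
    An NSS module reading that file could then answer getpwnam() for it."""
    os.makedirs(spool_dir, exist_ok=True)
    passwd = os.path.join(spool_dir, "passwd")
    with open(os.path.join(spool_dir, "lock"), "a+") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # serialise concurrent wrappers
        used = set()
        if os.path.exists(passwd):
            with open(passwd) as f:
                for line in f:
                    fields = line.rstrip("\n").split(":")
                    if len(fields) < 4:
                        continue
                    if fields[0] == name:  # already allocated: reuse it
                        return int(fields[2]), int(fields[3])
                    used.add(int(fields[2]))
        # Linear scan for the lowest free uid: simple, but O(n) in identities.
        for uid in range(UID_RANGE[0], UID_RANGE[1] + 1):
            if uid not in used:
                break
        else:
            raise RuntimeError("sandbox uid range exhausted")
        home = os.path.join(spool_dir, "home", name)
        with open(passwd, "a") as f:
            f.write(f"{name}:x:{uid}:{uid}:sandbox:{home}:/sbin/nologin\n")
        return uid, uid


def build_rlimits(requested):
    """Translate {'nofile': 64, ...} into (RLIMIT_*, (soft, hard)) pairs.
    Unknown names are rejected rather than silently ignored."""
    plan = []
    for key, value in requested.items():
        if key not in RLIMITS:
            raise ValueError(f"unsupported rlimit: {key}")
        plan.append((RLIMITS[key], (value, value)))
    return plan


def is_private(path):
    """True when no group/other permission bits are set on `path`, which is
    the precondition for a fresh uid to actually isolate the program."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def run_isolated(argv, spool_dir, name, limits=None):
    """Allocate credentials, then fork/exec argv with privileges dropped,
    rlimits applied and inherited descriptors closed. Requires root."""
    if os.geteuid() != 0:
        raise PermissionError("start via a setuid helper such as sudo")
    uid, gid = allocate_identity(spool_dir, name)
    plan = build_rlimits(limits or {})

    def drop():  # runs in the child after fork(), before exec()
        for res, bounds in plan:
            resource.setrlimit(res, bounds)
        os.setgroups([])  # shed the operator's supplementary groups
        os.setgid(gid)    # group first; setuid() would forbid it afterwards
        os.setuid(uid)

    # close_fds=True drops every inherited descriptor above stderr.
    return subprocess.call(argv, preexec_fn=drop, close_fds=True)


def demo():
    """Exercise the unprivileged parts on a constructed, throwaway spool."""
    spool = tempfile.mkdtemp(prefix="rainbow-spool-")
    a = allocate_identity(spool, "activity-a")
    b = allocate_identity(spool, "activity-b")
    a_again = allocate_identity(spool, "activity-a")
    private = os.path.join(spool, "home-private")
    os.mkdir(private)
    os.chmod(private, 0o700)
    shared = os.path.join(spool, "home-shared")
    os.mkdir(shared)
    os.chmod(shared, 0o755)  # the lax default the caveat warns about
    return {
        "a": a, "b": b, "a_again": a_again,
        "private_ok": is_private(private),
        "shared_ok": is_private(shared),
        "rlimits": build_rlimits({"nofile": 64, "nproc": 32}),
    }


if __name__ == "__main__":
    print(demo())
```

The order inside `drop` matters: rlimits are applied while still privileged, the supplementary group list is cleared, then the gid is set before the uid, because once the process holds an unprivileged uid it can no longer change its gid. A real wrapper would also have to decide what the child may see of the operator's environment and current directory; this sketch leaves both untouched.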


Re: setup for XO development

2008-10-30 Thread David Farning
On Thu, Oct 30, 2008 at 4:18 PM, Michael Stone <[EMAIL PROTECTED]> wrote:

> On Thu, Oct 30, 2008 at 02:55:00PM +0100, Paolo wrote:
> >Hello,
> >
> >I would like to try out the XO software and get started with doing some
> >development.
> >
> >As I am a security guy, I am mostly interested in core development,
> >especially bitfrost/rainbow, and the document store.
>
> Music to my ears!
>
> If you haven't already found them, please check out
>
>   http://wiki.laptop.org/go/Rainbow and
>   http://wiki.laptop.org/go/Security
>
> There are a bunch of 'TODOs' on those pages where your assistance would be
> most welcome, or if you prefer, you might suggest some topics that
> interest you.
>
> >I expect an emulated environment would be a good choice for this type
> >of development.
>
> Actually, for a variety of reasons, I'm working quite hard to make
> rainbow usable on stock linux machines like those represented by
> Debian and Fedora chroots.
>

Michael,
Could you provide a high level comment on the feasibility of running rainbow
as a security mechanism on Sugar on Fedora or Debian machines without the
chroot?

thanks
david



> Therefore, if you can show me interesting rainbow patches that work in
> those environments, I'm quite likely to take them.
>
> Regards,
>
> Michael
>
> P.S. - One long-standing request which might interest you is to
> integrate rainbow into the sugar-jhbuild system used by many sugar
> developers so that they conduct their regular development in an
> environment more similar to that found on-XO. A nice side-benefit of
> this task is that you would become well-equipped to participate in
> further sugar-related and tinderbox-related development in the natural
> course of fulfilling the task.
>
> P.P.S. - What are you thinking about document storage?


Re: setup for XO development

2008-10-30 Thread Michael Stone
On Thu, Oct 30, 2008 at 02:55:00PM +0100, Paolo wrote:
>Hello,
>
>I would like to try out the XO software and get started with doing some
>development.
>
>As I am a security guy, I am mostly interested in core development,
>especially bitfrost/rainbow, and the document store. 

Music to my ears!

If you haven't already found them, please check out

   http://wiki.laptop.org/go/Rainbow and
   http://wiki.laptop.org/go/Security

There are a bunch of 'TODOs' on those pages where your assistance would be
most welcome, or if you prefer, you might suggest some topics that
interest you.

>I expect an emulated environment would be a good choice for this type
>of development.

Actually, for a variety of reasons, I'm working quite hard to make
rainbow usable on stock linux machines like those represented by
Debian and Fedora chroots.

Therefore, if you can show me interesting rainbow patches that work in
those environments, I'm quite likely to take them. 

Regards,

Michael

P.S. - One long-standing request which might interest you is to
integrate rainbow into the sugar-jhbuild system used by many sugar
developers so that they conduct their regular development in an
environment more similar to that found on-XO. A nice side-benefit of
this task is that you would become well-equipped to participate in
further sugar-related and tinderbox-related development in the natural
course of fulfilling the task.

P.P.S. - What are you thinking about document storage?