owner id in .sugar/default/

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Wed May 16 22:04:50 EDT 2007


Hal Murray wrote:
> That feels like the tip of a security iceberg.  Somebody has to be able to 
> authorize access to data on the server without the appropriate key, including 
> getting the key.
> I don't think that's anything new from the computer security standpoint.  You 
> have to trust your sysadmin.  The interesting part for OLPC will be bringing 
> the local sysadmins up to speed on security.

Correct. I explained this to people in today's security meeting: the
school server maintains a UUID <-> child identity mapping. Backups are
identified as belonging to a particular UUID. A teacher can log into the
school server and use a graphical interface to reassign existing backups
for a particular UUID to another UUID by modifying the mapping. This
covers laptop destruction or exchange for any reason.

Once the kids are old enough that they're worried about the teacher
using a spare XO to invade their privacy, they will have an option at
their disposal to set a password and/or stop backing up their private
key to the server, in which case they are also responsible for having an
external copy of that key in the event of laptop destruction, or will
not be able to restore their old backups.

For more details, see P_DOCUMENT_BACKUP and P_PASSWORD in
http://wiki.laptop.org/go/OLPC_Bitfrost .

-- 
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
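
Added example, not part of the original message and not OLPC code: a toy model of the UUID <-> child identity mapping and the key-backup opt-out described above, showing what a reassignment does and does not expose. The class and method names, the sample UUIDs and keys, the key-fingerprint stand-in for encryption, and the choice to move an escrowed key along with the backups are all assumptions; P_PASSWORD is not modelled.

```python
# Added illustration (constructed, not OLPC code): school-server backup mapping.
import hashlib

class SchoolServer:
    def __init__(self):
        self.child_of = {}  # UUID -> child identity (the mapping a teacher can edit)
        self.backups = {}   # UUID -> list of (key fingerprint, data)
        self.escrow = {}    # UUID -> private key, only while the child backs it up

    @staticmethod
    def _fp(key: bytes) -> str:
        return hashlib.sha256(key).hexdigest()

    def enroll(self, uuid, child, key, escrow_key=True):
        self.child_of[uuid] = child
        self.backups[uuid] = []
        if escrow_key:
            self.escrow[uuid] = key

    def store_backup(self, uuid, key, data):
        # Stand-in for encryption: record which key the backup is bound to.
        self.backups[uuid].append((self._fp(key), data))

    def reassign(self, old_uuid, new_uuid):
        """Teacher action: move backups (and any escrowed key) to another UUID."""
        self.child_of[new_uuid] = self.child_of.pop(old_uuid)
        self.backups[new_uuid] = self.backups.pop(old_uuid)
        if old_uuid in self.escrow:  # assumption: escrowed key follows the backups
            self.escrow[new_uuid] = self.escrow.pop(old_uuid)

    def restore(self, uuid, external_key=None):
        """Return the backups readable by whoever holds the laptop with `uuid`."""
        key = external_key or self.escrow.get(uuid)
        if key is None:
            return []  # no escrowed key and no external copy: nothing restorable
        return [d for fp, d in self.backups.get(uuid, []) if fp == self._fp(key)]

def demo():
    s = SchoolServer()
    s.enroll("uuid-A", "child-1", b"key-1")                    # key escrowed
    s.enroll("uuid-B", "child-2", b"key-2", escrow_key=False)  # child opted out
    s.store_backup("uuid-A", b"key-1", "journal-1")
    s.store_backup("uuid-B", b"key-2", "journal-2")
    s.reassign("uuid-A", "uuid-spare-1")  # laptop replaced, or a spare XO
    s.reassign("uuid-B", "uuid-spare-2")
    return (s.restore("uuid-spare-1"),                         # escrowed key
            s.restore("uuid-spare-2"),                         # opted out, no key
            s.restore("uuid-spare-2", external_key=b"key-2"))  # child's own copy
```
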


