owner id in .sugar/default/
holger at layer-acht.org
Thu May 17 10:07:20 EDT 2007
On Thursday 17 May 2007 04:04, Ivan Krstić wrote:
> Hal Murray wrote:
> > That feels like the tip of a security iceberg. Somebody has to be able
> > to authorize access to data on the server without the appropriate key,
> > including getting the key.
> > I don't think that's anything new from the computer security standpoint.
> > You have to trust your sysadmin. The interesting part for OLPC will be
> > bringing the local sysadmins up to speed on security.
> Correct. I explained this to people in today's security meeting: the
> school server maintains a UUID <-> child identity mapping. Backups are
> identified as belonging to a particular UUID. A teacher can log into the
> school server and use a graphical interface to reassign existing backups
> for a particular UUID to another UUID by modifying the mapping. This
> covers laptop destruction or exchange for any reason.
Yup. But it would also be nice if the pupils could ask the server for their
backups without going via the teacher. For that, an access key on the laptop
would be needed. (So that it's not possible to request someone else's backup.)
In case the laptop breaks or is stolen, the backup should be accessible via
the teacher. (And a new laptop key needs to be generated.)
So IMHO the backup has to be stored encrypted twice: once with a school key,
and once with a laptop key (kid's key). And it would surely be nice if the
laptop key survives reflashing the laptop.
> Once the kids are old enough that they're worried about the teacher
> using a spare XO to invade their privacy,
I don't think the teachers are the (biggest) security threat here. Random
strangers on the other side of the street are more worrisome IMHO. (As we all
know, strangers with candy... ;-)
> For more details, see P_DOCUMENT_BACKUP and P_PASSWORD in
> http://wiki.laptop.org/go/OLPC_Bitfrost .
Neither P_DOCUMENT_BACKUP nor P_PASSWORD seems complete to me. Also it says
that http://wiki.laptop.org/go/Bitfrost is the authoritative version, which is
much less specific. Is there a process to finalize the document and make it
I joined the security list today.
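The two-holder backup arrangement argued for above, as an added example that is not part of this thread nor of the OLPC/Bitfrost code. Instead of storing two full ciphertexts, it encrypts the backup once under a random data key and wraps that key separately to the school key and the laptop key, which gives the same property: either holder recovers the backup, an unrelated key does not. RSA-2048 with OAEP, AES-256-GCM, and all function names are this example's own assumptions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Backup: the payload sealed under a fresh data key (DEK), plus the DEK wrapped per holder.
type Backup struct {
	Nonce, Ciphertext []byte
	WrappedDEK        [][]byte // one RSA-OAEP wrap of the DEK per key holder
}

// gcmFor builds AES-256-GCM for dek; neither call can fail for a 32-byte key.
func gcmFor(dek []byte) cipher.AEAD {
	block, _ := aes.NewCipher(dek)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// sealBackup encrypts the payload once, then wraps the DEK to every holder key
// (school key, laptop key), so each side can recover it without the other.
func sealBackup(plain []byte, holders ...*rsa.PublicKey) (*Backup, error) {
	buf := make([]byte, 44)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dek, nonce := buf[:32], buf[32:] // AES-256 key and 96-bit GCM nonce
	b := &Backup{Nonce: nonce, Ciphertext: gcmFor(dek).Seal(nil, nonce, plain, nil)}
	for _, pub := range holders {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, nil)
		if err != nil {
			return nil, err
		}
		b.WrappedDEK = append(b.WrappedDEK, w)
	}
	return b, nil
}

// openBackup decrypts with whichever private key unwraps the DEK; an unrelated key gets nothing.
func openBackup(b *Backup, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range b.WrappedDEK {
		if dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil); err == nil {
			return gcmFor(dek).Open(nil, b.Nonce, b.Ciphertext, nil)
		}
	}
	return nil, rsa.ErrDecryption // no wrap matched this key
}
```

Issuing a replacement laptop key after a breakage or reflash is then a re-wrap of the DEK by the school side, not a re-encryption of the stored backup.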