Anti-theft vs RTC (Was Re: NetworkManager time sync)
hmurray at megapathdsl.net
Tue Jul 6 14:32:25 EDT 2010
cscott at laptop.org said:
>> While we have your attention on this topic...
>> Do you not think that this is a security issue? In that a thief could
>> put a laptop on a network with rigged DNS and have control over the
>> time/date on the laptop?
> A sane security system would let the user control their local time, without
> jeopardizing security based on server (or "firmware") time.
That's hard to do if the user is root.
I'm far from a wizard in this area, but I think the key idea is that there is
only one RTC and there isn't any reasonable way for the firmware to hide it
from the OS. So if you let the user become root, they can set the RTC back
and keep using an old lease as long as they can hide from the anti-theft
server at boot time.
I think a thief could do useful work on a stolen XO as long as they are
willing to run with the clock set incorrectly (to bypass the firmware
boot-time checks) and they are smart enough to disable any non-firmware
security checks. They would have to avoid booting near an anti-theft
(school) server and/or hide behind a firewall that would filter it out.
Is there a good high level description of how the current anti-theft works?
I've found these:
The first two are full of commands to type to use the current anti-theft
setup, but there isn't much discussion of the big picture. The Bitfrost doc
was last edited in Feb 2007.
I haven't found a discussion of the set-the-clock-back case.
The Bitfrost doc describes an anti-theft daemon running on the XO at:
It also expects file protection for the critical parts of the OS as described
Has that been implemented? If so, how, and where do I find more info? I
don't remember any discussion of that topic.
There is also discussion of maintaining a per program view of the RTC at:
I don't think that's been implemented either.
It's probably possible to make the anti-theft stuff significantly more robust
in this area. I think it would be a lot of work. The two chunks of Bitfrost
above would be a good start. I'm not sure they are sufficient and/or there
may be simpler ways.
Security is hard.
These are my opinions, not necessarily my employer's. I hate spam.
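As an added illustration of the set-the-clock-back case discussed above (example code, not from the OLPC project or from anyone in this thread): the naive check trusts the RTC alone, so rolling the clock back revives an expired lease, while the hardened check keeps a forward-only high-water mark of the latest time it has seen and uses that as its effective time. The Lease and ClockState types, the in-memory storage and the hypothetical server-time hook are assumptions; on a real device the high-water mark would need the kind of file protection the message asks about, since root could otherwise reset it.

```python
"""Time-based lease checks: RTC-only versus a forward-only high-water mark."""
from dataclasses import dataclass


@dataclass
class Lease:
    # Constructed field: expiry as seconds since epoch, as a lease server might issue.
    expires_at: int


def naive_lease_valid(lease: Lease, rtc_now: int) -> bool:
    """Trusts the RTC alone. Setting the clock back below expires_at makes
    an expired lease look valid again."""
    return rtc_now < lease.expires_at


@dataclass
class ClockState:
    # Latest time ever observed. Assumption: persisted in storage the local
    # root user cannot rewrite; kept in memory here for the illustration.
    high_water: int = 0


def note_server_time(state: ClockState, server_time: int) -> None:
    """Hypothetical hook: when an anti-theft server is reachable, its time
    advances the high-water mark independently of the local RTC."""
    state.high_water = max(state.high_water, server_time)


def hardened_lease_valid(lease: Lease, rtc_now: int, state: ClockState) -> bool:
    """Uses max(RTC, high-water mark) as the effective time, so the user may
    set the local clock back for display purposes without reviving a lease.
    The mark only ever moves forward."""
    effective_now = max(rtc_now, state.high_water)
    state.high_water = effective_now
    return effective_now < lease.expires_at


if __name__ == "__main__":
    lease = Lease(expires_at=1000)
    state = ClockState()
    for rtc in (900, 1100, 900):  # 900 again simulates the RTC being set back
        print(rtc, naive_lease_valid(lease, rtc), hardened_lease_valid(lease, rtc, state))
```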