[Sugar-devel] Clocks on XOs

Bernie Innocenti bernie at codewiz.org
Tue Jul 6 22:14:49 EDT 2010 

On Tue, 2010-07-06 at 16:36 -0600, Daniel Drake wrote:
> On 6 July 2010 15:03, Bernie Innocenti <bernie at codewiz.org> wrote:
> > Well, granting root access from the console already weakens it to the
> > point of being useless. Who would bother to setup a fake DHCP, DNS and
> > NTP server when it takes 20 seconds to crack it from the console? :-)
> 
> Right. So with that logic, lets just throw out the whole security
> system. Ignoring the fact that some deployments ship without root
> access.

Is the practice of completely locking-down the laptops something we'd
even want to encourage? Assuming we don't, why should we cripple
time-syncing for everyone just to simplify an unsupported customization?


>  And that there are efforts to solve that in the future.

Oh, I was unaware of this. Who is working on it, and what's the exact
plan?


> Having ntp sync like this weakens the security system because it means
> that when you fix one problem (of easy root access, for example), you
> still have other ones that make your system easily defeatable.
> Instead, if you choose not to add more holes, once you fix the
> existing ones then you have a fully secure system.

Easy root access is not a security bug, it's a feature that OLPC
deliberately chose to give to all users. I even submitted a mingetty
patch adding --loginpause which we use to drop into the root console.

Why? Because, without root access, children would own the XO the same
way consumers own the iPhone and the TiVo.

They could crash the physical thing on the floor and burn it, but not
flip one bit without government's authorization. I may sound a bit
melodramatic, but a project of this kind wouldn't have inspired me to
volunteer even for one day.

Moralities apart, I guess anyone would agree on the purely technical
statement that we can't make OATS work effectively without also taking
away root privileges (or the best parts of it). Any half-hearted
compromise is likely to be as ineffective as it is annoying.


> > This isn't globally acceptable: many (most?) laptops run without a OATS
> > server, so their clock would remain wrong forever.
> 
> This picture is rapidly changing.

I thought the default was changed one year ago from locked to unlocked.

I would be surprised if many deployments had the technical skills to
deal comfortably with the complexity of the activation system, when it
is very challenging even for us.

We probably disagree here, but I think that in most cases OATS costs
more to maintain than its actual economical benefit. Admittedly, it
works very well at addressing a problem of fear that may play a big role
in influencing decision makers.

Come on, we all secretly know this and play dumb :-)

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/

More information about the Devel mailing list