[OLPC Security] Securing the laptop: First pass for some basics.
Simson Garfinkel
simsong at acm.org
Tue Jul 11 08:42:16 EDT 2006
To continue my posting...
> Tim Flavin wrote:
>
>> This program would run in several modes. The beginner could use
>> it to fix
>> problems get his laptop back in working order. This would be the
>> equivalent of a
>> partial reload. For more advanced students, it can flag the files
>> and let
>> them decide what to do.
>> My basic aim is to be able to quickly see if the system is OK and
>> give a
>> "FIX IT" button to inexperienced user. (We may have a lot of them
>> soon.)
It makes a lot of sense to consider "undo" and "redo" features.
However, what is your model for how the laptop entered a broken
configuration to begin with?
-> If it was a hostile act, then the hostile software would surely
have patched, broken, or deleted the backup copies.
My preferred way of fixing a laptop is to attach it to a known-good
laptop using the "target" mode described in my previous message. Boot
the broken laptop in target mode, connect with with a USB A -> USB A
cable to a known good laptop, and have the known good laptop either:
a. repair the disk
b. reinstall the operating system.
c. wipe the laptop and start over.
Something else from the post bothered me:
>
>> Good point. I was hopeing that there would not be a lot of
>> configuration
>> files. Hostname and password files would be special cases. Most of
>> the other
>> files I can think of are .profile type files in /home/*. We can
>> back these
>> up and replace them with working default files and let the student
>> replace them with the backups. This program is mostly intended to
>> help
>> people who don't edit a lot of files in /etc.
I realize that most of the people working at Laptop eat and breathe
Unix, but do you really think that it's a good idea to have .profile
files? I think that it makes a of sense to do away with startup and
configuration files as much as possible.
More information about the Security
mailing list