Fwd: [OLPC Security] Securing the laptop: First pass for some basics.

Tim Flavin tim.flavin at gmail.com
Sat Jul 15 23:07:06 EDT 2006 

---------- Forwarded message ----------
From: Tim Flavin <tim.flavin at gmail.com>
Date: Jul 11, 2006 4:23 PM
Subject: Re: [OLPC Security] Securing the laptop: First pass for some basics.
To: Simson Garfinkel <simsong at acm.org>


On 7/11/06, Simson Garfinkel <simsong at acm.org> wrote:
> To continue my posting...
>
>
> It makes a lot of sense to consider "undo" and "redo" features.
> However, what is your model for how the laptop entered a broken
> configuration to begin with?
>         -> If it was a hostile act, then the hostile software would surely
> have patched, broken, or deleted the backup copies.

I am trying to protect against anything but a compromised BIOS.
This includes user experiments, accidents, and hostile acts.
In the worst case you would have to attach a disk to the laptop's
USB port and boot from it, but the BIOS would be able to verify  the
integrity of the system it was booting from.  (Modifying the Linux BIOS
will be a later phase of the project.  The first phase is to get an AIDE
like Python script to verify the integrity of the system, and fix it if
necessary.)

>
> My preferred way of fixing a laptop is to attach it to a known-good
> laptop using the "target" mode described in my previous message. Boot
> the broken laptop in target mode, connect with with a USB A -> USB A
> cable to a known good laptop, and have the known good laptop either:
>         a. repair the disk
>         b. reinstall the operating system.
>         c. wipe the laptop and start over.
>

Nice if you can do it, but this laptop can't do it.  Even the next
generation hardware
will require (trusted) software running on the target laptop.  We can
do a, b, and c,
but we have to at least trust the (Linux) BIOS.

>
> Something else from the post bothered me:
> >
> >> Good point.  I was hopeing that there would not be a lot of
> >> configuration
> >> files. Hostname and password files would be special cases. Most of
> >> the other
> >> files I can think of are .profile type files in /home/*.  We can
> >> back these
> >> up and replace them with working default files and let the student
> >> replace them with the backups. This program is mostly intended to
> >> help
> >> people who don't edit a lot of files in /etc.
>
>
> I realize that most of the people working at Laptop eat and breathe
> Unix, but do you really think that it's a good idea to have .profile
> files?  I think that it makes a of sense to do away with startup and
> configuration files as much as possible.
>
I do NOT like .profile files.  I want to do away with start up and configuration
files, but in earlier in this thread, Jim G. was not letting me ignore them.
Doing away with start up and configurations files is a great thing, but that is
a different project.  I am trying to do an integrity checker that can
fix problems
without getting tangled up in configuration files. (Looks like I am not doing a
good job.)  I hope Chris has some good ideas.
>
>
Tim Flavin

More information about the Security mailing list