[OLPC Security] Application bundles and delegation

xuan wu wuxuan.ecios at gmail.com
Sat Feb 10 21:32:22 EST 2007


>
>
> This is not acceptable to OLPC's educational principles. "No lockdown"
> is really non-negotiable.


In my opinion the root user itself is the key to the security problems.
Maybe it's a better idea that part of the OS and part of the programs
always stay the same once installed, since there's no need to change
them if the users are supposed to use the service that the programs or the
system want to provide. The user can cut the electric power and reset or
reinstall the laptop, which is the ultimate control of the system, I think.


> > Tens of thousands of applications may have millions of rules of
> > permission request to announce. For example, the application App1 needs
> > the "execution" permission to App2, App3, and App4.

See if this is one: a GUI configuration application, like MySQL Administrator,
configures some configuration files of MySQL, and it provides the utility to
connect to a database from the UI. Does it mean that the GUI app calls the mysql
app?

> > With the p2p network, there's no need for the database, as the group
> > who use the laptops who know each other and have chances to see each
> > other from time to time can be the identity database itself.
>
> I don't understand. The reason the data is centralized is because it's
> confidential, and you don't want it to be available to everyone. I don't
> see how a P2P approach is even applicable to the problem. You can't
> really do a threshold scheme, so you'd have to manage the keys for
> encrypted replicas or shards centrally, which would re-introduce the
> exact same point of failure as before, after increasing complexity and
> brittleness several times over.

1. I don't see the need to keep the data of the ownership of the laptops
confidential.
2. Would you please refer me to some materials that I can study from, or teach
me briefly? I'm not sure what the technical problem is.


> > Actually I didn't find how to disfunction the laptop after it's lost
> > from the spec
>
> Section 8.19.


Simply shutting down the laptops after the expiration date seems to me a rude
and reckless idea. This gives an excuse to those who don't want the pupils
to waste time on the laptops. For example, the teachers are sick of the
questions popping out from the pupils when they use the laptops. Then they
just delay the USB drive connection until all laptops are out of function, or
they simply declare that the USB drive is missing, where there's hardly any
access to the Internet, which is very common in the mountain areas. After
that, the OLPC may receive a report that all the laptops have been stolen or
lost or out of function. You don't want that to happen, right?