[OLPC Security] A mom's worries
acahalan at gmail.com
Thu Nov 29 22:32:27 EST 2007
>> The notion of malware for *nix systems (including Linux)
>> isn't all *that* far-fetched.
> Totally. I've worked on lots of incident response cases involving hacked
> *nix systems, from botnets to DDOS Trojans to straightforward data
> thefts. The main different between these and Windows incidents is that
> the Linux exploits were consistently more traditional-- ie they tend to
> work by exploiting web servers or brute-forcing account passwords--
Neither of those will work to attack the XO. You're spreading FUD.
You haven't even described a semi-plausible exploit.
Currently there isn't a web server on the XO.
Passwords are a non-issue. Physical access is the control.
The ssh server won't allow access to an account without a password,
so that's actually better than the strongest password you can
possibly make. As for "su", that can be stopped in a number of
ways. (enable the "wheel" group, file-on-file mount to make "su"
be an empty file, etc.)
Remember: every time you start an activity, a new throw-away user
account is created just for running that activity. A previous
implementation used vserver, which is OS-level virtualization
similar to Solaris zones and FreeBSD jails. A future implementation
could go back to that, or could switch to throw-away SE Linux
security contexts. No matter the implementation details, this
type of security prevents an attacker from messing with the
user's files. Changing .bashrc just isn't going to work.
> while in the Windows world the trend has been moving more toward
> client-side exploits, phishing, etc.
> Now that a large number of kids will be in possession of modified Linux
> systems, I suspect we'll start seeing an increase in client-side Linux
> exploits, too.
>> Access as an ordinary user is all that's required (in general ) to
>> set up outbound network connections, run processes in the background,
>> etc. A spam-bot doesn't need root access.
> Great point!
If it happens, it's a minor annoyance. The spam-bot dies when
the user closes the infected activity. Always remember that
the activities do not get access to the home directory. This is
not regular old UNIX security, where everything the user runs
will get full access to the user's files.
Getting out to the general OS would require a very serious
kernel bug. These are extremely rare. In the unlikely event
that such a bug started causing problems, the firmware will
let you install a fix. Firmware replacement, in case you were
thinking of it, is blocked by hardware before the OS gains
control of the CPU.
More information about the Security