[Sugar-devel] Clocks on XOs
dsd at laptop.org
Tue Jul 6 18:36:55 EDT 2010
On 6 July 2010 15:03, Bernie Innocenti <bernie at codewiz.org> wrote:
> Well, granting root access from the console already weakens it to the
> point of being useless. Who would bother to setup a fake DHCP, DNS and
> NTP server when it takes 20 seconds to crack it from the console? :-)
Right. So with that logic, lets just throw out the whole security
system. Ignoring the fact that some deployments ship without root
access. And that there are efforts to solve that in the future.
Having ntp sync like this weakens the security system because it means
that when you fix one problem (of easy root access, for example), you
still have other ones that make your system easily defeatable.
Instead, if you choose not to add more holes, once you fix the
existing ones then you have a fully secure system.
> This isn't globally acceptable: many (most?) laptops run without a OATS
> server, so their clock would remain wrong forever.
This picture is rapidly changing.
> PS: I just found yet another laptop which won't activate because the
> clock was set to 15 July 2000 (not 2010!). Do you see many of these?
This was probably a human error in the Fix_clock repair process that
happened on that laptop.
More information about the Sugar-devel