It was unfortunate that I forgot to pack one of my Play machine shirts, I ended up attending a meeting of the SDForum [2] on the topic of Cloud Security (it was a joint meeting of the Cloud Services and Security SIGs) and it would have been good to have been wearing a root password.

• [1] http://www.coker.com.au/selinux/play.html
• [2] http://www.sdforum.org/

deb http://www.coker.com.au squeeze selinux

I’ve created the above APT repository for Squeeze which has a package that fixes this bug. I will continue to use that repository for a variety of SE Linux patches to Squeeze packages, at the moment it’s packages from Unstable but I will also modify released packages as needed.

The bug report #498684 has a fix for a trivial uninitialised variable bug. The fix is also in my build.

Also I filed the bug report #556648 about the internal version of sftp being
incompatible with SE Linux (it doesn’t involve an exec so the context doesn’t change). The correct thing to do is for sshd to refuse to run an internal sftpd at least if the system is in enforcing mode, and probably even in permissive mode.

deb http://www.coker.com.au lenny selinux

Update: I’ve also backported my sshd changes to Lenny at the above APT repository.

On the 24th of August this year I noticed the following on my SE Linux Play Machine [1]:
root@play:/root# df
Filesystem          1K-blocks      Used Available Use% Mounted on
/dev/hda              1032088    938648    41012  96% /
tmpfs                    51296        0    51296  0% /lib/init/rw
udev                    10240        24    10216  1% /dev
tmpfs                    51296        4    51292  1% /dev/shm
/dev/hdb                516040    17128    472700  4% /root
/dev/hdc                  1024        8      1016  1% /tmp
overflow                  1024        8      1016  1% /tmp

The kernel message log had the following:
[210511.546152] su[769]: segfault at 0 ip b7e324e3 sp bfa4b064
error 4 in libc-2.7.so[b7dbb000+158000]
[210561.527839] su[778]: segfault at 0 ip b7eb14e3 sp bfec84d4 error 4 in
libc-2.7.so[b7e3a000+158000]
[210585.270372] su[784]: segfault at 0 ip b7e044e3 sp bff1b534 error 4 in
libc-2.7.so[b7d8d000+158000]
[210595.855278] su[789]: segfault at 0 ip b7e014e3 sp bfd18324 error 4 in
libc-2.7.so[b7d8a000+158000]
[210639.496847] su[796]: segfault at 0 ip b7e874e3 sp bf99e7b4 error 4 in
libc-2.7.so[b7e10000+158000]

Naturally this doesn’t look good, the filesystem known as “overflow” indicates a real problem. It appears that the machine was compromised. So I’ve made archival copies of all the data and reinstalled it.

As the weather here is becoming warmer I’ve used new hardware for my new Play Machine. The old system was a 1.8GHz Celeron with 1280M of RAM and two IDE disks in a RAID-1 array. The new system is a P3-800 with 256M of RAM and a single IDE disk. It’s a Compaq Evo which runs from a laptop PSU and is particularly energy efficient and quiet. The down-side is that there is no space for a second disk and only one RAM socket so I’m limited to 256M – that’s just enough to run a Xen server with a single DomU.

I put the new play machine online on Friday the 23rd of October after almost two months of down-time.

• [1] http://www.coker.com.au/selinux/play.html

But the really interesting part is their plan for managing laptops. They are using a virtual machine image on a flash storage device that can run on any system. So deploying a new system will only require installing the virtual machine software and inserting a storage device. Moving a user’s environment to a different system (EG due to hardware failure) will merely require inserting the storage device in a new system.

That raises the issue of ownership of the device. It seems that Jetstar are considering using systems that are owned by employees, Stephen Tame said “In two years’ time a laptop should be a condition of employment, and this includes bringing your own laptop“. When introducing that I expect there would be some resistance by employees who don’t want to spend the money. However
I have previously estimated the costs of running a car [2] which works out to more than $1,650 per year for insurance, registration, basic maintenance, and the interest that would have been received if the car had not been purchased and the money had been invested. Laptops can be purchased for significantly less than $1000 (currently the EeePC 701 is on sale for $219) and can be expected to last for three years or more if you are careful to avoid damage and don’t run demanding software. So a job that demands ownership of a laptop is asking for a much smaller financial investment than one which demands ownership of a car. But I expect that many employees won’t see it that way.

The up-side for employees to bring their own laptops is that they can choose a model that suits their preference. Everyone has preferences regarding the size of keys on a keyboard, the distance that they travel and the pressure required to register a key-press. For desktop machines it’s easy to swap keyboards but for laptops there is no such option. Then there’s the issue of the trade-off between physical size and weight vs display resolution, personal preferences in this regard will depend to some extent on the body mass and strength of the employee.

Now there are a number of security issues related to personal laptop use. Obviously if the laptop has a Trojan-horse program installed then it could sniff any data that goes past on the network. The most trivial case of this could be addressed by running VPN software inside the emulated environment. This would force a Trojan to compromise the virtual environment (EG by modifying the address space) or to compromise the files on disk (insert a Trojan inside the filesystem for the virtual environment). The former would be tricky to get right while the latter would be trivial. Both attack methods have been used in the past and proven to work. This is why many companies prohibit their employees from connecting their own systems to the corporate network.

One example of a system that is based around running virtual machines for all desktop operations is the NSA NetTop project [3]. NetTop involves a SE Linux system that runs multiple instances of VMWare for different desktop environments. Each VMWare instance runs at a particular sensitivity level and uses a VPN connection to a back-end network running at the same level. The aim of NetTop is to prevent applications in the different VMWare instances from communicating with each other. The significant difference between a typical NetTop installation and what JetStar might be doing is that NetTop runs on a secure base – it’s hardware that has been purchased and installed by a military organisation and is run in a secure facility. While personal laptops that are owned by employees can be expected to be infected with viruses and Trojan-horse programs.

In the past I have suggested that an employment package for any skilled employee should include some budget for buying things that facilitate the work [4]. It seems to me that a company like JetStar could best achieve their goals by assigning a budget to each new employee to buy a machine for their use. The employee then gets to choose a machine up to that budget – which would only be for work purposes. Then when the employee leaves or the machine becomes due for replacement it could be sold at auction. When considering all the costs involved in hiring a new person, spending something less than $1,000 to buy a laptop is nothing.

Finally if buying machines for work purposes, you really don’t want employees using them for surfing porn. Porn sites tend to be particularly bad for malware distribution. To reduce the incidence of such problems I think that work machines should have their sound hardware disabled and laptops should not be purchased with overly large displays. There is no need to make work machines totally unsuitable for porn surfing (which would also make them less effective for work), but making them less suitable than a $500 budget PC should dramatically reduce the scope of the problem.

• [1] http://www.australianit.news.com.au/story/0,24897,26021336-15306,00.html
• [2] http://etbe.coker.com.au/2008/06/16/cost-owning-car/
• [3] http://en.wikipedia.org/wiki/NetTop
• [4] http://etbe.coker.com.au/2009/02/01/employment-packages/

Another major benefit of flexible text books is the possibility of teaching a wider range of subjects. A subject does not need the level of interest that is required to get a publishing contract (which generally means acceptance by the education department of a state) to have a text book. Independent schools and home-schoolers can select subjects that are not in the mainstream curriculum.

The information for potential authors of text books is here (they didn’t make it particularly easy to find) [3].

One thing I would like to see is a text book about computer security. I really don’t think that this would be an overly difficult subject for an 11yo who is interested in computers. When I was 11 I read a text book on nuclear physics in the form of a comic book, I don’t think that computer security is inherently more difficult or harder to teach than nuclear physics. Naturally full coverage would require several texts aimed at different ages. But that’s possible too. It would probably be easiest to start with an age of ~16. Also as computer security is a subject that is both difficult at one end of the scale and essential at the other it would be necessary to have A and B streams (as is done with maths in the Australian education system).

Please leave a comment if you are interested in participating in the development of computer security related text books. Incidentally it would be good to get a contributor who has had experience in teaching teenagers even if they don’t have any knowledge of computer security – I don’t expect to find someone with good technical skills and teaching experience.

• [1] http://about.ck12.org/
• [2] http://etbe.coker.com.au/2008/05/24/school-bag-weight/
• [3] http://authors.ck12.org/wiki/