2009/7/13 Pablo Manalastas <prmanalas...@yahoo.com>:
>
> REGARDING SOURCE CODE REVIEW:
>
> Comelec has already approved CenPEG's request to do a source code review, and 
> at present, we are in the process of writing down the specifics of our 
> request, and specifics of Comelec's approval.
>
> We have asked Comelec for the following:
>
> 1. That the source code of the PCOS program (SAES-1800 election application) 
> and the CCS canvassing program (REIS v2.0)  be supplied to us in softcopy 
> format. The industry-standard manner of distributing source code as 
> "configure-make" packages in tar.gz format will be ideal.
>
> 2. Although we have not requested for this, the design documents 
> (Rational-Rose diagrams or their equivalent, if any) that specify exactly 
> what the programs should be doing will help greatly in our review.  Please 
> understand that source code review is not easy, and you (Comelec) will need 
> to supply these documents anyway to your own panel of technical experts who 
> will do the source code review for Comelec. Either softcopy design 
> documentation or printouts will be satisfactory.
>
> 3. Application programming interface (API) documentation for any third party 
> libraries that might have been used in writing the programs. If the third 
> party library does not have API documentation, then the manual pages of the 
> API functions will be satisfactory.  Softcopy is preferable to printouts, so 
> that the reviewers can have the documentation online as they do the review.  
> If the third party library is open-source, with documentation available on 
> the Net, the URL to the documentation will work just as fine for us.
>
> If we missed something here, please tell us so that we can include it.

Just thinking out loud:

Would it be possible for Comelec to provide you these things all with
a corresponding digital signature?  Ideally, could Comelec provide a
publicly-accessible GPG key that you could use to verify the sources
(and could possibly be used later on to verify the results,) in a way
similar to Archive Signing Keys for software packages?

> REGARDING LINUX SYSTEM ADMIN SETTINGS OF THE ELECTION COMPUTERS:
>
> I am preparing a list, and so far, here is what I came out with:
>
> a. Who the users are, and who knows their passwords (Smartmatic? Comelec? BEI 
> tech person?).  Who knows the password of the root user? Can any user log in 
> from remote? Please printout the contents of the files /etc/passwd and 
> /etc/securetty for PCOS and CCS.
>
> b. Do the PCOS election program and the CCS canvassing program implement 100% 
> logging of all their activities? Please printout the contents of 
> /etc/syslog.conf and a listing of all the files in the directory /var/log and 
> subdirectories thereof, especially /var/log/httpd.
>
> c. What services are running while the election programs are running? Are all 
> of these services necessary? Which ones can be removed without compromising 
> the proper functioning of the PCOS and CCS computers?  Please print the 
> output of the command "ps ax" for both PCOS and CCS computers. Please print 
> the output of the command "runlevel".  Please print the contents of the 
> directories /etc/rc*.d
>
> d. Do the PCOS and CCS computers implement Security-Enhanced Linux 
> (SELinux)? Please print out the SELinux settings.
>
> e. The computer can be accessed through what ports? Please print the listing 
> of open ports (System > Administration > Network Tools > Port Scan > [Enter IP 
> address] > Scan).  Can any of these ports be closed to reduce the possibility 
> of unauthorized break-in?
>
> I know that this is INCOMPLETE, so your help in completing this list will be 
> appreciated.

g. is everything (the application, the election data, the OS itself,
even the logs) subject to a backup system, possibly to a different
(but possibly publicly accessible) location?

h. is there a process of the election application deployment that puts
in verification (e.g. something like a GPG signature verification of
the application binaries and/or source,) which could also be extended
to the data/results?

i. related to h., is there some sort of public infrastructure that
would allow independent verification of the (automated) result output?

j. since this is all supposed to be 'automated', are all the machines
to be deployed using an automatic configuration management system
(like CFEngine or Puppet) so possible preconditions like those above
could be declared and verified?

Again, just braindumps. :D


-- 
Zak B. Elep  ||  zakame.net
1486 7957 454D E529 E4F1  F75E 5787 B1FD FA53 851D
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
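The signed-distribution idea raised above (Comelec publishing a GPG key, reviewers verifying the sources against it, in the manner of archive signing keys) is, in practice, a signature over a digest manifest followed by a digest check of every file. The script below is an added example for this thread, not code from either message or from any vendor; it implements the digest-check half against a sha256sum(1)-style manifest and assumes the manifest's detached signature has already been verified (for example with `gpg --verify SHA256SUMS.asc SHA256SUMS`) before its digests are trusted. The file names and contents are constructed placeholders, not the real SAES-1800 or REIS sources.

```python
"""Verify a set of received source archives against a sha256sum(1)-style
manifest.  The manifest is what the distributor signs; this code assumes
that signature has already been checked and only does the digest
comparison.  All file names and bytes here are constructed for the example."""
import hashlib
import hmac

# Constructed release as received: file name -> bytes.  Hypothetical content.
RELEASE = {
    "saes-1800-src.tar.gz": b"hypothetical PCOS election application source archive",
    "reis-2.0-src.tar.gz": b"hypothetical CCS canvassing program source archive",
}

HEX_DIGITS = set("0123456789abcdefABCDEF")


def build_manifest(files):
    """Emit sha256sum-style lines ('<hex digest>  <name>'), sorted by name."""
    return "".join(f"{hashlib.sha256(data).hexdigest()}  {name}\n"
                   for name, data in sorted(files.items()))


def parse_manifest(text):
    """Parse '<digest>  <name>' lines.  Blank and '#' comment lines are ignored,
    the '*name' binary-mode marker is stripped, and any digest that is not
    exactly 64 hex characters is rejected rather than silently skipped."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64 or not set(parts[0]) <= HEX_DIGITS:
            raise ValueError(f"manifest line {lineno} is malformed: {line!r}")
        digest, name = parts
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify_manifest(manifest_text, files):
    """Compare every listed file against its digest.  Four result lists let a
    reviewer see tampering, files the distributor forgot to ship, and files
    that arrived without ever being covered by the signed manifest."""
    expected = parse_manifest(manifest_text)
    ok, mismatched, missing = [], [], []
    for name, digest in expected.items():
        if name not in files:
            missing.append(name)
            continue
        actual = hashlib.sha256(files[name]).hexdigest()
        # Digests are public, so timing is not a concern here; compare_digest is
        # simply the habit to keep for any equality check on security data.
        (ok if hmac.compare_digest(actual, digest) else mismatched).append(name)
    return {
        "ok": sorted(ok),
        "mismatched": sorted(mismatched),
        "missing": sorted(missing),
        "unlisted": sorted(set(files) - set(expected)),
    }


def tampered_release():
    """A copy of RELEASE with one archive altered, to show a mismatch being caught."""
    altered = dict(RELEASE)
    altered["reis-2.0-src.tar.gz"] = RELEASE["reis-2.0-src.tar.gz"] + b"\n# appended bytes"
    return altered


if __name__ == "__main__":
    manifest = build_manifest(RELEASE)
    print(manifest)
    print("clean   :", verify_manifest(manifest, RELEASE))
    print("tampered:", verify_manifest(manifest, tampered_release()))
```

The point of reporting `unlisted` separately is that a file outside the signed manifest carries no assurance at all, even if it arrived in the same tarball set; a review team should treat it exactly like a missing signature.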
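Item (a) of the sysadmin checklist asks for printouts of /etc/passwd and /etc/securetty so the reviewers can answer who can log in, who holds root, and from where. The following is an added example, not part of either message in this thread, of how a reviewer would read those two files mechanically instead of by eye: it lists every account with an interactive shell, every account carrying UID 0 (a second UID-0 account is root under another name), and every securetty entry that permits root logins from somewhere other than the local console. The two sample files are constructed for illustration and do not come from any PCOS or CCS machine; the account names in them are hypothetical.

```python
"""Audit the contents of /etc/passwd and /etc/securetty for the checklist's
item (a).  Both sample files below are constructed for the example; the
account names are hypothetical and no real machine was inspected."""

# Shells that deny an interactive login (common values; extend for the distro at hand).
NOLOGIN_SHELLS = {
    "/sbin/nologin", "/usr/sbin/nologin", "/bin/false",
    "/sbin/halt", "/sbin/shutdown", "/bin/sync",
}

# Constructed sample /etc/passwd.  The 'x' means the hash lives in /etc/shadow.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
vendor:x:500:500:hypothetical vendor support account:/home/vendor:/bin/bash
toor:x:0:0:hypothetical second UID-0 account:/root:/bin/sh
bei:x:501:501:hypothetical BEI technician account:/home/bei:/bin/bash
"""

# Constructed sample /etc/securetty: terminals on which root may log in via login(1).
SAMPLE_SECURETTY = """\
# console and virtual terminals
console
tty1
tty2
pts/0
"""


def parse_passwd(text):
    """Return one dict per well-formed passwd line; blanks, comments and
    malformed lines are skipped (a real audit would log the malformed ones)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            continue
        name, _pw, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos, "home": home, "shell": shell})
    return entries


def interactive_accounts(entries):
    """Accounts whose login shell is not a nologin-style shell."""
    return [e["name"] for e in entries if e["shell"] not in NOLOGIN_SHELLS]


def uid_zero_accounts(entries):
    """Every account with UID 0 is root, whatever it is called."""
    return [e["name"] for e in entries if e["uid"] == 0]


def root_login_terminals(text):
    """Terminal names listed in /etc/securetty, ignoring comments and blanks."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def non_console_root_terminals(text):
    """securetty entries for pseudo-terminals (pts/N) or serial lines (ttyS*):
    root logins permitted from something other than the local console."""
    return [t for t in root_login_terminals(text)
            if t.startswith("pts/") or t.startswith("ttyS")]


def audit(passwd_text, securetty_text):
    """Collect the answers item (a) asks for into one report."""
    entries = parse_passwd(passwd_text)
    uid0 = uid_zero_accounts(entries)
    return {
        "interactive": interactive_accounts(entries),
        "uid_zero": uid0,
        "extra_uid_zero": [n for n in uid0 if n != "root"],
        "root_non_console": non_console_root_terminals(securetty_text),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_PASSWD, SAMPLE_SECURETTY).items():
        print(f"{key}: {value}")
```

Two caveats for anyone running this against real printouts: /etc/securetty only governs root logins that go through login(1) and pam_securetty, so remote root access over SSH is decided by the SSH daemon's own configuration and must be checked there; and the list of interactive accounts says who *can* log in, while the question of who actually knows each password (Smartmatic, Comelec, the BEI technician) is an organisational one that no file on the machine will answer.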
