GithubHelp home page GithubHelp logo

Comments (4)

hug-dev avatar hug-dev commented on May 27, 2024 1

Part of the resolution of this issue would have to be done with this one on Parsec.

I have just realised that our checks in the client were useless now that the socket is in /run/parsec.sock. That is because only an administrator can create the /run/parsec folder.
The same way we trusted the administrator to create the parsec user who owns the socket folder, we can now trust them to create the /run/parsec folder. I believe that is exactly the same level of trust and would allow us to remove all the checks in the client. Also, our threat model says that all users with privileges are trusted.

If we decide for now that Parsec will only be deployed with one authenticator there are two options:

  1. Deployment with Direct Authentication. If the socket is not visible to the client, it means they are not in the parsec-clients group. If it visible, clients can either trust the administrator to have set the correct group permissions or do the check themselves. Those checks will not work under containers as they are now, unles we fix the parsec-clients GID. In the parsec side, we can make sure the administrator did things right and add checks for this.
  2. Deployment with Unix Peer Credentials Authentication. Everybody should be able to see the socket and clients don't have to do any checks. Clients can be sure their keys can not be accessed with direct authentication because of both/either: keys are partitioned with authentication type and only one authenticator can be used by Parsec.

from parsec-client-rust.

ionut-arm avatar ionut-arm commented on May 27, 2024

I'll have a look at what changes we need to make in the threat model with the new and improved filesystem locations, and the changes required for this issue - with a focus on making the TM easier to extend for new authenticators.

from parsec-client-rust.

paulhowardarm avatar paulhowardarm commented on May 27, 2024

Probably worth noting that I actually did this experiment with a build of Parsec that was still using /tmp rather than /run, but I updated the issue description to reflect the new path.

from parsec-client-rust.

ionut-arm avatar ionut-arm commented on May 27, 2024

So the overall conclusion is that we don't need the checks and can just drop them, it seems. The threat model updates should cover our backsides

from parsec-client-rust.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.