Comments (4)
Part of the resolution of this issue would have to be done with this one on Parsec.
I have just realised that our checks in the client were useless now that the socket is in `/run/parsec.sock`. That is because only an administrator can create the `/run/parsec` folder.
The same way we trusted the administrator to create the `parsec` user who owns the socket folder, we can now trust them to create the `/run/parsec` folder. I believe that is exactly the same level of trust and would allow us to remove all the checks in the client. Also, our threat model says that all users with privileges are trusted.
If we decide for now that Parsec will only be deployed with one authenticator there are two options:
- Deployment with Direct Authentication. If the socket is not visible to the client, it means they are not in the `parsec-clients` group. If it is visible, clients can either trust the administrator to have set the correct group permissions or do the check themselves. Those checks will not work under containers as they are now, unless we fix the `parsec-clients` GID. On the `parsec` side, we can make sure the administrator did things right and add checks for this.
- Deployment with Unix Peer Credentials Authentication. Everybody should be able to see the socket and clients don't have to do any checks. Clients can be sure their keys can not be accessed with direct authentication because of both/either: keys are partitioned with authentication type and only one authenticator can be used by Parsec.
from parsec-client-rust.
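A sketch of the kind of client-side folder check the comment above discusses, as an added example that is not code from parsec-client-rust or Parsec. The type and function names, the "no access for others" policy and the temp folder standing in for `/run/parsec` are assumptions; the check compares numeric IDs, which is why a `parsec-clients` group that maps to a different GID inside a container fails it.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::{MetadataExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Outcome of the check (hypothetical type, for this example only).
#[derive(Debug, PartialEq)]
pub enum FolderCheck {
    Trusted,
    NotADirectory,
    WrongOwner { found: u32 },
    WrongGroup { found: u32 },
    WorldAccessible { mode: u32 },
}

/// Compare the socket folder with the numeric owner UID and client GID the caller expects.
pub fn check_socket_folder(dir: &Path, owner_uid: u32, clients_gid: u32) -> io::Result<FolderCheck> {
    // symlink_metadata does not follow a symlink sitting where the folder should be.
    let meta = fs::symlink_metadata(dir)?;
    let mode = meta.permissions().mode() & 0o777;
    Ok(if !meta.file_type().is_dir() {
        FolderCheck::NotADirectory
    } else if meta.uid() != owner_uid {
        FolderCheck::WrongOwner { found: meta.uid() }
    } else if meta.gid() != clients_gid {
        FolderCheck::WrongGroup { found: meta.gid() }
    } else if mode & 0o007 != 0 {
        // Assumed policy: "other" users get no access to the folder.
        FolderCheck::WorldAccessible { mode }
    } else {
        FolderCheck::Trusted
    })
}

/// Constructed stand-in for the socket folder, created under the temp directory.
pub fn make_demo_folder(tag: &str, mode: u32) -> io::Result<PathBuf> {
    let dir = std::env::temp_dir().join(format!("parsec-demo-{}-{}", tag, std::process::id()));
    fs::create_dir_all(&dir)?;
    fs::set_permissions(&dir, fs::Permissions::from_mode(mode))?;
    Ok(dir)
}

fn main() -> io::Result<()> {
    let dir = make_demo_folder("main", 0o750)?;
    let meta = fs::metadata(&dir)?;
    // Host view: the expected IDs match what is on disk.
    println!("{:?}", check_socket_folder(&dir, meta.uid(), meta.gid())?);
    // Container view (simulated): the group name resolved to a different GID.
    println!("{:?}", check_socket_folder(&dir, meta.uid(), meta.gid().wrapping_add(1))?);
    fs::remove_dir(&dir)
}
```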
I'll have a look at what changes we need to make in the threat model with the new and improved filesystem locations, and the changes required for this issue - with a focus on making the TM easier to extend for new authenticators.
from parsec-client-rust.
Probably worth noting that I actually did this experiment with a build of Parsec that was still using `/tmp` rather than `/run`, but I updated the issue description to reflect the new path.
from parsec-client-rust.
So the overall conclusion is that we don't need the checks and can just drop them, it seems. The threat model updates should cover our backsides.
from parsec-client-rust.