[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf Issue #17: security questions




>>>>> Wes Hardaker writes:

[...]

Wes> In general, I simply disagree that the access control should be
Wes> associated with the "last SET" to the row when that column may be
Wes> updated frequently.  It makes it a pain for administrators
Wes> sharing tasks to ensure that things execute with a "standard"
Wes> permission set, since one administrator making any changes to the
Wes> code affect how the code operates.  I'm much more likely to want
Wes> the code to run as "demonuser" with a restricted set of access
Wes> control but give myself (with full permissions) write access to
Wes> the code segments.

Wes> The "last SET to some particular activation column" makes much
Wes> more sense to me, which is how the DISMAN MIBs operate.

The Script MIB make the rights associated with a running script
explicit throught the owner attribute. Hence, you a manager can look
at the MIB and figure out what is currently going on, which I think is
of key importance.

The launch table allows to execute a single script with different
permissions (owner attributes). The special access control checks when
someone presses the launch button just ensures that you can't guess
script names (which you do not have read permissions for) and create
launch buttons for it.

There was a discussion in the DISMAN WG on how to deal with the
delegation of credentials where a management application wants to
delegate e.g. community strings to a mid-level manager so that it can
use them. We did spend some time on this and finally decided to defer
that problem as this is really hard to solve generically. In practice,
this implies that either (a) owner string are mapped in implementation
specific ways to credentials that are needed to access other systems
or (b) credentials are actually hard coded in the management scripts
themself, assuming the script code is properly protected or (c)
credentials are passed as launch arguments, assuming the launch table
is properly protected.

/js

-- 
Juergen Schoenwaelder      Technical University Braunschweig
<schoenw@ibr.cs.tu-bs.de>  Dept. Operating Systems & Computer Networks
Phone: +49 531 391 3289    Bueltenweg 74/75, 38106 Braunschweig, Germany
Fax:   +49 531 391 5936    <URL:http://www.ibr.cs.tu-bs.de/~schoenw/>