
partial lock security concerns



Hi,

I am somewhat concerned about the security vulnerabilities
created by a partial-lock solution based on arbitrary Xpath expressions.
I assure you that the Security Area Director will be even more
concerned, once he hears about it.

Granting access at the time the Xpath expression is configured,
instead of when access is requested is not good enough security.

Even if the Xpath expression was checked at access request time,
there are still problems.

Consider the possibility that the Xpath expression allows more
nodes than the intended set to be accessed, under spurious conditions.
The operator who wrote the Xpath expression is not aware this hole exists.

Consider the possibility that a hacker knows the security configuration,
and knows when and how to take advantage of the 'extra access'.

The only safe solution is to base the locks on stable information,
which cannot be edited under any circumstances by a user.
Only the 'naming' information (QName path from root) meets this
requirement.


Andy


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>
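
The concern raised in the message above, as an added example that is not part of the original message or of any NETCONF implementation: a lock scope written as an expression with a predicate on an editable leaf selects a different node set after an ordinary data edit, while a scope given by the QName path from the root does not change. The sample datastore, its element names, and the two lock scopes are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample datastore; element names are assumptions for illustration.
CONFIG = """<config>
  <interfaces>
    <interface><name>eth0</name><owner>ops</owner></interface>
    <interface><name>eth1</name><owner>noc</owner></interface>
  </interfaces>
  <users><user><name>alice</name></user></users>
</config>"""

XPATH_LOCK = "./interfaces/interface[owner='ops']"  # predicate on an editable leaf
QNAME_LOCK = ("config", "interfaces")               # naming information only


def xpath_scope(root, expr):
    """Names of the interfaces the expression selects in the current data."""
    return sorted(n.findtext("name") for n in root.findall(expr))


def qname_path(root, node):
    """QName path from the root to node, as a tuple of tags."""
    parent = {child: p for p in root.iter() for child in p}
    path = [node.tag]
    while node in parent:
        node = parent[node]
        path.append(node.tag)
    return tuple(reversed(path))


def qname_scope(root, locked):
    """Distinct QName paths that fall under the locked path prefix."""
    paths = {qname_path(root, n) for n in root.iter()}
    return sorted(p for p in paths if p[:len(locked)] == locked)


def edit_owner(root, ifname, owner):
    """An ordinary data edit by some user: change one interface's owner leaf."""
    for itf in root.iter("interface"):
        if itf.findtext("name") == ifname:
            itf.find("owner").text = owner


def demo():
    """Scopes when the lock is configured, then again after a data edit."""
    root = ET.fromstring(CONFIG)
    before = (xpath_scope(root, XPATH_LOCK), qname_scope(root, QNAME_LOCK))
    edit_owner(root, "eth1", "ops")
    after = (xpath_scope(root, XPATH_LOCK), qname_scope(root, QNAME_LOCK))
    return before, after
```

Comparing the two tuples returned by `demo()` shows the expression-based scope growing from one interface to two, while the set of QName paths under the locked prefix is identical before and after the edit.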