Project

General

Profile

Actions

Bug #4115

open

FaceManager doesn't reject attempts to destroy "reserved" faces

Added by Davide Pesavento over 7 years ago. Updated almost 7 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Management
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Actions #1

Updated by Junxiao Shi over 7 years ago

faces/destroy is a privileged operation. The management authenticator logs a warning if privileges are not properly configured. Therefore, this bug is akin to "rm does not reject attempts to rm -rf /*".

Actions #2

Updated by Davide Pesavento over 7 years ago

Junxiao Shi wrote:

faces/destroy is a privileged operation.

How is that relevant? And even then, I'm sure 99% of the users run with the default permissions, i.e. everything is authorized.

The management authenticator logs a warning if privileges are not properly configured.

...which nobody cares about.

Therefore, this bug is akin to "rm does not reject attempts to rm -rf /*".

rm(1) has a --preserve-root option, enabled by default.

In any case, I don't agree with the comparison. I'd say this bug is more similar to shutting down all netlink sockets and preventing the creation of new ones, which is much harder to do (I don't think it's even possible on standard kernels), and definitely cannot be done by accident, e.g. by mistyping a command.

Actions #3

Updated by Junxiao Shi over 7 years ago

I'm sure 99% of the users run with the default permissions, i.e. everything is authorized.

Yes, even the routers. Combined with misconfigured WebSockets proxy (#3402-5), I can attack a router easily.
I'd put up a blog post about securing NFD command authentication sometime, but that's out of scope of this issue.

The management authenticator logs a warning if privileges are not properly configured.

...which nobody cares about.

The operator SHOULD care about WARNINGs and ERRORs.

Therefore, this bug is akin to "rm does not reject attempts to rm -rf /*".

rm(1) has a --preserve-root option, enabled by default.

--preserve-root only saves you from rm -rf /. It doesn't save you from rm -rf /*.

Actions #4

Updated by Davide Pesavento over 7 years ago

Junxiao Shi wrote:

--preserve-root only saves you from rm -rf /. It doesn't save you from rm -rf /*.

Of course, because /* is expanded by the shell into /bin, /etc, /usr, etc... so the rm command never actually sees /* in the argument list.
I'm not sure I understand your point here...

Actions #5

Updated by Davide Pesavento almost 7 years ago

  • Priority changed from Normal to Low
  • Target version deleted (v0.6)
Actions

Also available in: Atom PDF