
Re: [gpsd-dev] Why does gpsd need root


From: Gary E. Miller
Subject: Re: [gpsd-dev] Why does gpsd need root
Date: Tue, 24 May 2016 17:44:28 -0700

Yo Hal!

On Tue, 24 May 2016 17:20:10 -0700
Hal Murray <address@hidden> wrote:

> Let's ignore the current implementation quirks.  If we were starting
> over with a clean slate, how would you connect gpsd to ntpd?  Can
> that be made secure?

Certainly not something that needs any current thought, so, just for
long term thinking.  I like the potential for simple JSON, should be
easy if the GPS_JSON refclock gets fixed.  The chronyd socket interface
is also sorta nice, if it could be made a little more self-configuring.

> What does secure even mean in that context?

Hardest to do, and most important, you need to stop a local
unprivileged user from either getting more privileges than he is
granted.  That includes file or execute permissions, or being able to
change the system time.

In our case, the harm that comes from a bad actor fiddling with our
system time is well documented in its many aspects.  But we need to
think bigger.

Somewhat easier to do, secure means preventing non-local agents from
becoming a local user.  Or being able to access or change local
resources (like files or time) that daemons like sendmail or apache do
not already allow the remote agent.

Or, you could simply say that secure is when I can prevent people from
doing bad things while allowing them in some cases to do not-bad things.

Or stick your head in the sand and say if something does not have a CVE then
it is not a problem.

The devil of course is in the details.  Some people say that even being
able to read your system clock is a security problem.  IMHO, sudo is a
great example of something that seems to fix a security problem, but
actually makes it much, much, worse.

The topic is so huge it is prolly best to take it on a case by case basis.  If
someone can think of a way to abuse a particular feature, we need to
think of ways to minimize that harm.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        address@hidden  Tel:+1 541 382 8588
