Label networks like MS (was Re: How about employing <anything>)
L A Walsh
dbus at tlinx.org
Sat Oct 6 22:39:50 UTC 2018
On 8/1/2018 7:19 AM, Simon McVittie wrote:
> One of the major problems with a clustered setup is that you have to
> make assumptions about identity, security, and addressing resources. The
> assumptions that D-Bus traditionally made were the same as the assumptions
> under which NFSv3 was traditionally deployed:
>
----
Why are you making assumptions when the user can explicitly classify
a connection as private/public/corporate, etc...?
> * identity: numeric UIDs are shared (uid 1000 on each machine is the same)
> * security: only authorized machines have access to the LAN, and all
> authorized machines are equally trusted to enforce identity (if one
> machine says I am uid 1000, then I can be uid 1000 on all machines)
>
I have that on my internal Domain.
>
> However, these assumptions are fragile. In particular, if any unauthorized
> machine (including a phone, games console or smart-fridge) can join the
> LAN, then the security assumption is[may be] broken. As soon as one of those
> assumptions is broken, the setup as a whole is wrong; and we can't detect
> whether those assumptions are broken, so we can't even warn about that.
>
====
In particular, how do you plug your smartphone into a wired connection
that goes from computer-to-computer with no intervening switches? I've
yet to see a smartphone come with a vampire tap.
In any event, as soon as they plug in, they'll be seen as a new MAC on
the net, presumably looking for an address and route. A secured network
isn't likely to give them anything useful.
>
>> Fortunately, at least some of those with secure networks aren't really
>> demanding all the wizz-bangs that would be needed in a hostile environment.
>>
>
> That's fine up to a point, but dbus-daemon can't tell the difference
> between your secure network, my local coffee shop's hostile environment,
> and Jeep's expensive recall.
MS networks are labeled. Why not Linux networks?
> Experience demonstrates that, unfortunately,
> anything that is possible will tend to be treated as fully supported,
> and not making insecure configurations harder to achieve seems like an
> abdication of responsibility.
>
----
MS doesn't take that attitude. Why should Linux? Why do you
treat Linux users as being more stupid and less responsible than
MS users?