celix-dev mailing list archives
From Alexander Broekhuis <a.broekh...@gmail.com>
Subject Re: Implementing security features in Celix
Date Fri, 22 Nov 2013 08:49:09 GMT
Hi,

>
> I think putting the signed bundles functionality in a library is a good
> idea. I don't agree with dynamically checking if the library exists.
> I prefer a compilation option, which if turned on requires the library (e.g.
> has a dependency to), this is IMO a more simple approach.
> This also enforces that a security library is needed when Celix is compiled
> with this option, which is IMO more secure.


I agree. Besides the fact that it is more secure, I think this is also more
in line with other linux based projects. Another side-effect is that the
resulting binary size will change, so for a minimal system, disabling
security decreases the size.
So this will result in some IFDEF statements in the code. From a code point
of view I'd like to see as few of those as possible, and when needed try to
put an abstraction on top of them so they are grouped in one file. I don't
know if this is possible for the security library, but at least something
to consider.

> >
> > > So I think it can be a build option without the need for configuration
> > > * Build-options: Security Required/Security Optional/Security Disabled
> > >   Required implies always on, everything must be signed
> > >   Optional implies that signed bundles are verified
> > >   Disabled implies that signing information is simply ignored
> > >
> > >
> > > >
> > > > I think having the option to toggle the requirement after compilation
> > > > would be nice to have because it allows you to compile the framework
> > > > once and use it on multiple systems.
> > > >
> > >
> > > Considering this, I think a sane default would be the Optional build
> > > settings. If really needed an additional configuration option could be
> > > used to make it required via configuration.
> > >
> > > Wdyt?
> > >
> >
> > I agree that a build option would be the best solution and choosing the
> > optional one as the default setting.
> >
> > Other than that I don't have anything useful to add at the moment. If
> > anything pops into my mind I'll reply again, but until then I'd say that
> > it should be implemented as a library with a check at start-up to see if
> > it's available. And with the three options you listed with the optional
> > one as default.
> >
>
> +1 for the build option. But what about the options: required, configurable
> and disabled.
> Where:
>  - required means : bundles need to be signed and the security library is
> mandatory.
>  - configurable means : the security library is mandatory, but whether bundles
> need to be signed, are only checked if signed, or are not checked at all is a
> configuration option (config.properties).
>  - disabled means: the security library is not used and bundles will not be
> checked.
>
>
See my earlier remarks, this is exactly what I already proposed :).

-- 
Met vriendelijke groet,

Alexander Broekhuis
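The following C sketch is an added illustration of the scheme discussed in this thread (a compile-time build option with required/configurable/disabled levels, a runtime mode read from config.properties in the configurable build, and the build-option IFDEFs kept in one place). It is not Celix code and not from anyone on this list: the macro HYPO_SECURITY_BUILD, the hypo_* names, the property key org.hypo.security.mode and its values are all invented for the example, and the bundle struct stands in for whatever the security library would actually report.

```c
/* Added example, not Celix code. All names are hypothetical.
 *
 * Build option, chosen at compile time (e.g. cc -DHYPO_SECURITY_BUILD=2 ...):
 *   0 = disabled      signing information is ignored, no security library needed
 *   1 = configurable  security library linked; mode comes from config.properties
 *   2 = required      security library linked; every bundle must verify
 * Default is 1, matching the "optional by default" preference in the thread. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef HYPO_SECURITY_BUILD
#define HYPO_SECURITY_BUILD 1
#endif

typedef enum {
    HYPO_SEC_NONE,          /* no checking at all */
    HYPO_SEC_VERIFY_SIGNED, /* unsigned bundles pass; signed bundles must verify */
    HYPO_SEC_REQUIRED       /* every bundle must be signed and must verify */
} hypo_sec_mode_t;

/* Stand-in for a bundle. In a real framework signature_valid would be the
 * result of the security library's check, not a field filled in by the caller. */
typedef struct {
    const char *name;
    bool has_signature;
    bool signature_valid;
} hypo_bundle_t;

/* Look up key in config.properties-style text ("key=value" per line).
 * Copies the value into out (NUL terminated, truncated to out_len-1).
 * Returns true if the key was present. Whitespace is not stripped. */
bool hypo_props_lookup(const char *props, const char *key, char *out, size_t out_len) {
    size_t klen = strlen(key);
    const char *line = props;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > klen && strncmp(line, key, klen) == 0 && line[klen] == '=') {
            size_t vlen = len - klen - 1;
            if (vlen >= out_len) vlen = out_len - 1;
            memcpy(out, line + klen + 1, vlen);
            out[vlen] = '\0';
            return true;
        }
        line = eol ? eol + 1 : NULL;
    }
    return false;
}

/* Map the configured value onto a mode. An unrecognised value fails closed. */
hypo_sec_mode_t hypo_mode_from_value(const char *value) {
    if (value == NULL || strcmp(value, "none") == 0) return HYPO_SEC_NONE;
    if (strcmp(value, "verify") == 0) return HYPO_SEC_VERIFY_SIGNED;
    if (strcmp(value, "required") == 0) return HYPO_SEC_REQUIRED;
    return HYPO_SEC_REQUIRED;
}

/* The only function that looks at the build option, so the #if lives in one spot. */
hypo_sec_mode_t hypo_effective_mode(const char *props) {
#if HYPO_SECURITY_BUILD == 0
    (void)props;
    return HYPO_SEC_NONE;
#elif HYPO_SECURITY_BUILD == 2
    (void)props;                         /* configuration cannot weaken a required build */
    return HYPO_SEC_REQUIRED;
#else
    char value[32];
    if (!hypo_props_lookup(props, "org.hypo.security.mode", value, sizeof value)) {
        return HYPO_SEC_VERIFY_SIGNED;   /* property absent: "optional" behaviour */
    }
    return hypo_mode_from_value(value);
#endif
}

/* Decide whether a bundle may be installed under the given mode. */
bool hypo_bundle_allowed(const hypo_bundle_t *b, hypo_sec_mode_t mode) {
    switch (mode) {
    case HYPO_SEC_NONE:          return true;
    case HYPO_SEC_VERIFY_SIGNED: return !b->has_signature || b->signature_valid;
    case HYPO_SEC_REQUIRED:      return b->has_signature && b->signature_valid;
    }
    return false;
}

int main(void) {
    /* Constructed config.properties content for the example. */
    const char *props = "org.hypo.framework.name=demo\norg.hypo.security.mode=verify\n";
    hypo_sec_mode_t mode = hypo_effective_mode(props);
    hypo_bundle_t bundles[] = {
        { "unsigned",   false, false },
        { "signed-ok",  true,  true  },
        { "signed-bad", true,  false },
    };
    for (size_t i = 0; i < sizeof bundles / sizeof bundles[0]; i++)
        printf("%-10s -> %s\n", bundles[i].name,
               hypo_bundle_allowed(&bundles[i], mode) ? "install" : "reject");
    return 0;
}
```

Two points worth noting in the design: an unknown value of the property maps to the strictest mode rather than to "none", so a typo in config.properties cannot silently switch checking off, and a build compiled with HYPO_SECURITY_BUILD=2 ignores the property entirely, which is what makes "required" a property of the binary rather than of the deployment.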
