felix-users mailing list archives

From Felix Meschberger <fmesc...@adobe.com>
Subject Re: Security & Felix bundles
Date Thu, 14 Mar 2013 11:58:21 GMT
Got it. Thanks for the details.

Regards
Felix

On 14.03.2013 at 10:24, Karl Pauls wrote:

> On Thu, Mar 14, 2013 at 8:18 AM, Felix Meschberger <fmeschbe@adobe.com> wrote:
> 
>> Hi,
>> 
>> On 13.03.2013 at 23:16, Karl Pauls wrote:
>> 
>>>>   Is it planned to add permissions file into Felix subprojects bundles
>>>> (Config Admin, Event Admin, etc.)?
>>>> 
>>> 
>>> Planned, no. Not at this point - however, I'm sure contributions are more
>>> than welcome. If you want to create some permission files and give them
>>> to us I'm sure we are more than happy to integrate them.
>> 
>> Please excuse my ignorance: Would adding permission files mean we would
>> have to sign the bundles?
>> 
> 
> Not necessarily, no.
> 
> The point is that in this model, it makes sense to give allpermission to
> bundles and rely on the limits in their permissions.perm files. This can be
> convenient (if anything is when security is used ;-) as one only has to
> look at the permissions requested in the permissions.perm to decide if a
> bundle is safe to install and no further policy needs to be changed -
> provided, one can rely on the fact that the bundle hasn't been tampered
> with (or at least, the permissions.perm file hasn't been changed or removed
> completely).
> 
> In other words, for this to work you need,
> 
> a) a correct permissions.perm file (hopefully only requesting the minimal
> set of needed permissions) for (and in) each bundle, and
> b) the bundle needs to be signed if you can't assume that nobody is able to
> tamper with it.
> 
> In consequence, while the bundle ultimately probably has to be signed by
> somebody, we don't _have to_ sign it just because we provide a
> permissions.perm inside of it.
> 
> Figuring out the minimal set of permissions is hard. Signing a bundle and
> giving allpermission to that cert might be effort but isn't the end of the
> world -- hence, I'd argue that providing a permissions.perm with our
> bundles is a value in itself. Signing them as well would be another value
> add but isn't needed to make the former valuable.
> 
> regards,
> 
> Karl
> 
> 
>> Regards
>> Felix
>> 
>> --
>> Felix Meschberger | Principal Scientist | Adobe
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>> For additional commands, e-mail: users-help@felix.apache.org
>> 
>> 
> 
> 
> -- 
> Karl Pauls
> karlpauls@gmail.com
> http://twitter.com/karlpauls
> http://www.linkedin.com/in/karlpauls
> https://profiles.google.com/karlpauls


--
Felix Meschberger | Principal Scientist | Adobe
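
The review step Karl describes (read the permissions a bundle requests, and know whether the file could have been changed or removed), as an added example that is not part of this thread or of any Felix code. It assumes the OSGi-standard resource path `OSGI-INF/permissions.perm`; `review_bundle`, `make_bundle` and the sample entries are constructed for illustration.

```python
import io
import re
import zipfile

PERM_PATH = "OSGI-INF/permissions.perm"  # local-permissions resource from the OSGi Core spec
# Encoded PermissionInfo: (type "name" "actions"); name and actions are optional
PERM_RE = re.compile(r'^\(\s*([\w.$]+)(?:\s+"((?:[^"\\]|\\.)*)")?(?:\s+"((?:[^"\\]|\\.)*)")?\s*\)$')
SIG_RE = re.compile(r'^META-INF/[^/]+\.(SF|RSA|DSA|EC)$', re.I)

def review_bundle(jar_bytes):
    """Summarise requested local permissions and signature-file presence for one bundle JAR."""
    report = {"permissions": [], "has_signature_files": False, "findings": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        # Presence only: real verification is done by `jarsigner -verify` or the framework.
        report["has_signature_files"] = any(SIG_RE.match(n) for n in names)
        if PERM_PATH not in names:
            report["findings"].append("no permissions.perm: local permissions default to AllPermission")
        else:
            for raw in jar.read(PERM_PATH).decode("utf-8").splitlines():
                line = raw.strip()
                if not line or line.startswith(("#", "//")):  # blank lines and comments
                    continue
                m = PERM_RE.match(line)
                if not m:
                    report["findings"].append(f"unparseable entry: {line}")
                    continue
                report["permissions"].append(tuple(g or "" for g in m.groups()))
    if any(p[0] == "java.security.AllPermission" for p in report["permissions"]):
        report["findings"].append("requests AllPermission: the file limits nothing")
    if not report["has_signature_files"]:
        report["findings"].append("unsigned: permissions.perm could have been changed or removed")
    return report

def make_bundle(entries):
    """Build a constructed in-memory JAR from {path: text} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, text in entries.items():
            jar.writestr(path, text)
    return buf.getvalue()

SAMPLE_PERM = """# constructed sample, not taken from any Felix bundle
(org.osgi.framework.PackagePermission "org.osgi.service.cm" "import")
(org.osgi.framework.ServicePermission "org.osgi.service.cm.ConfigurationAdmin" "register")
"""

if __name__ == "__main__":
    print(review_bundle(make_bundle({PERM_PATH: SAMPLE_PERM})))
```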