[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
RE: [dsdp-tm-dev] Dstore to use privileged ports for serverPortRange
|
We've had many more discussions with our security department and what we
have determined is that although using privileged ports does provide
more security, it does not meet all of the security requirements of our
customer. So we have had to consider alternatives.
Looking at similar communication paths what our security department
recommends is an application level proxy in the DSTORE communication
path that can reside in a DMZ. I was planning to open an enhancement
request for this.
Denise Schmidt
Lockheed Martin IS&GS Civil
-----Original Message-----
From: Oberhuber, Martin [mailto:Martin.Oberhuber@xxxxxxxxxxxxx]
Sent: Monday, August 17, 2009 7:05 AM
To: Target Management developer discussions
Subject: RE: [dsdp-tm-dev] Dstore to use privileged ports for
serverPortRange
Hi Denise,
it looks like this thread got stalled, do you still have
any open questions?
Cheers,
--
Martin Oberhuber, Senior Member of Technical Staff, Wind River
Target Management Project Lead, DSDP PMC Member
http://www.eclipse.org/dsdp/tm
> -----Original Message-----
> From: dsdp-tm-dev-bounces@xxxxxxxxxxx
> [mailto:dsdp-tm-dev-bounces@xxxxxxxxxxx] On Behalf Of Schmidt, Denise
> Sent: Donnerstag, 09. Juli 2009 17:42
> To: dsdp-tm-dev@xxxxxxxxxxx
> Subject: [dsdp-tm-dev] Dstore to use privileged ports for
> serverPortRange
>
> We would like the dstore SERVER to listen on the privileged
> port. Since
> the daemon runs as root it can already listen on a privileged port.
>
> We started looking again at calling setuid from within the server
> process as we determined we can permanently drop privileges but now we
> are having issues with calling the .profile and being able to
> export the
> user's environment. How does RSE send commands to the remote system?
> Does it open a shell and manipulate standard input and output of the
> shell? We are working with AIX as the remote system and we
> are required
> to encrypt our data using SSL.
>
> As for the suggestions you made, they sound very interesting and I can
> research those as well. I'm not all that experienced with these
> protocols so if you have some more detail you could give,
> that would be
> very appreciated. I'm not quite sure how an external program would
> communicate with the local RSE client along with funneling the data to
> the remote server.
>
> Thanks!
>
> Denise Schmidt
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 9 Jul 2009 14:43:41 +0200
> From: "Oberhuber, Martin" <Martin.Oberhuber@xxxxxxxxxxxxx>
> Subject: RE: [dsdp-tm-dev] Dstore to use privileged ports for
> serverPortRange
> To: "Target Management developer discussions"
> <dsdp-tm-dev@xxxxxxxxxxx>
> Message-ID:
>
> <460801A4097E3D4CA04CC64EE64858480A693C86@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> Do you want the dstore SERVER or the DAEMON to listen on the
> privileged
> port?
>
> What if you use an external program to listen on the
> privileged port and
> relay its communication?
>
> In the simplest case, you could use netcat (nc), a little bit more
> advanced is socat; or, you
> have an sshd daemon listen and open ssh tunnels throug it;
> or, you have
> a SOCKS proxy
> running and relay its ports.
>
> Cheers,
> --
> Martin Oberhuber, Senior Member of Technical Staff, Wind River
> Target Management Project Lead, DSDP PMC Member
> http://www.eclipse.org/dsdp/tm
>
>
>
>
> ________________________________
>
> From: dsdp-tm-dev-bounces@xxxxxxxxxxx
> [mailto:dsdp-tm-dev-bounces@xxxxxxxxxxx] On Behalf Of Schmidt, Denise
> Sent: Montag, 06. Juli 2009 23:02
> To: dsdp-tm-dev@xxxxxxxxxxx
> Subject: [dsdp-tm-dev] Dstore to use privileged ports for
> serverPortRange
>
>
>
> We are interested in modifying Dstore to allow the
> serverPortRange to use privileged ports (<1024). I had posted a
> newsgroup question about this and now we're looking at how we
> could make
> changes for this.
>
>
>
> We were first looking at starting the
> org.eclipse.dstore.core.server.Server method as root and then calling
> the native Unix setuid to change the effective user ID to that of the
> client. But after thinking more about it, there is the
> possibility that
> the user could execute something that would setuid the process back to
> root and then they would have authority on the remote system
> they should
> not have.
>
> So now we are looking at possibly splitting the server
> functionality into separate processes, one that runs as root and
> communicates over the network and one that runs as the client user ID
> and does all the "real" work on the remote system. The 2 processes
> would have to communicate data between them. I've been
> looking over the
> Dstore source code to see how easy that separation might be.
>
> Does this solution sound reasonable? Is there another, possibly
> better solution we haven't thought of?
>
> Any suggestions or things we should consider while tackling this
> are appreciated. We'd like to work this out so that we could
> contribute
> our changes back.
>
> Thanks.
>
> Denise Schmidt
> _______________________________________________
> dsdp-tm-dev mailing list
> dsdp-tm-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/dsdp-tm-dev
>
