[Bug 344301] New: per use timezone file
https://bugzilla.novell.com/show_bug.cgi?id=344301

Summary: per use timezone file
Product: openSUSE 11.0
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Basesystem
AssignedTo: pbaudis@novell.com
ReportedBy: lnussel@novell.com
QAContact: qa@suse.de
CC: jpr@novell.com
Found By: ---

Seeing people writing applications like this: http://blog.fubar.dk/?p=94 that mess with the system wide timezone file while just changing the users' time zone would be sufficient makes me wonder why there is no user specific timezone file to override /etc/localtime. There is only the TZ environment variable but that one can obviously not be changed for other processes.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=344301#c1
--- Comment #1 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=344301
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=344301#c2
--- Comment #2 from Petr Baudis
https://bugzilla.novell.com/show_bug.cgi?id=344301#c3
--- Comment #3 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=344301#c4
--- Comment #4 from Petr Baudis
https://bugzilla.novell.com/show_bug.cgi?id=344301#c5
--- Comment #5 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=344301#c6
--- Comment #6 from Petr Baudis
https://bugzilla.novell.com/show_bug.cgi?id=344301#c7
--- Comment #7 from JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=344301#c8
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=344301#c9
--- Comment #9 from Petr Baudis
https://bugzilla.novell.com/show_bug.cgi?id=344301#c10
--- Comment #10 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=344301#c11
--- Comment #11 from Roman Drahtmueller
https://bugzilla.novell.com/show_bug.cgi?id=344301#c12
--- Comment #12 from Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=344301#c13
--- Comment #13 from Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=344301#c14
--- Comment #14 from JP Rosevear
An additional remark, just to back what Marcus just wrote:
If this framework is activated by default and needs an opt-out, we are right next to a single user multi-tasking system, similar to Windows 98 or XP. It will open doors for all kinds of malware which will see even defined interfaces to obscure their presence in the system and to hide the evidence of their actions. A violation of security concepts of this kind will be ten times as expensive as a proper and minimalistic design approach.
PolicyKit has been shipping on openSUSE since 10.2 and hal, the hardware abstraction layer, depends on it. The system is much more granular than the all or nothing approach of sudo/resmgr (at least as I understand resmgr) and can require the user to re-authenticate (like OS X package updates), require root access, . In some circumstances you can actually increase security because you could for instance give a person the right to install packages from trusted repos (PackageKit allows this) *without giving them the root password* meaning the scope of what they can do to the machine accidentally is quite limited while allowing the person to accomplish their tasks. It is perfectly feasible to ship different default configurations for the desktop and server. Install PolicyKit-doc and 'man PolicyKit.conf' or look at http://hal.freedesktop.org/docs/PolicyKit/ for more information on permission granting. Let's not head back to the days on the desktop where you needed a root password to connect to a new wireless network.
I suspect that it is not really known that the system time setting, which the timezone setting belongs to, is a very critical component of the system's security conception. Everything that product management intends to have implemented with regards to IDM integration and various regulatory compliance issues is just obsoleted with a subsystem that changes system-wide security-related settings. As you can read, neither the security-team nor the security-architect are willing to take responsibility for such kinds of "solutions", because they manifest the actual problem.
This together with the above comment implies neither Windows nor MacOS X is able to achieve this compliance? I'm not familiar with the IDM integration and regulatory compliance issues, are there Fate#'s or a PRD that could be reviewed? Do these issues only affect servers?
As a hint, since the security paranoids are not supposed to just whine and not be productive by blocking ideas: The semantics of glibc can be adopted very easily to allow for the retrieval of the timezone data of a user-owned file each time the library calls that make use of the data are being called. Such an approach does not have any security implications.
Summary: System wide TZ setting changes will result in
* discontinuity of system time, spoiling
  - regulatory compliance, almost all of the imaginable
  - audit records
  - syslogs
  - cryptographical issues such as key exchange
  - mail delivery
* the need to restart every single system service or daemon that makes use of the timezone information.
* time inconsistencies between services that run under different timezones after a change
What about networking, printing, bluetooth, etc? The nice part of PolicyKit is it's a consistent interface for granting privileges to dbus based services and can be nicely interfaced with a CIM module for instance. Additionally in the case of hardware, resmgr already grants unprivileged local console users access so this is not completely without precedent.
https://bugzilla.novell.com/show_bug.cgi?id=344301#c15
--- Comment #15 from Petr Baudis
* discontinuity of system time, spoiling
  - regulatory compliance, almost all of the imaginable
  - audit records
  - syslogs
  - cryptographical issues such as key exchange
  - mail delivery
I don't buy this. The system time is not discontinued - it doesn't really move back and forth, only its _presentation_ might. Can you give an example of a security-sensitive application that uses a date representation that is (i) not UNIX timestamp (it doesn't change when changing timezone!) and (ii) does not include timezone information? Only one I can think of is syslog, but that should be no problem if you also log timezone changes.
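The distinction drawn in comment #15, as an added example that is not part of the bug thread: one epoch value rendered under three TZ settings gives three different zone-less syslog-style stamps, while a stamp that records its UTC offset decodes back to the same instant. The sample epoch, the POSIX TZ rules (`UTC0`, `CET-1`, `EST5`) and all function names are constructed for illustration.

```c
#define _DEFAULT_SOURCE /* setenv, tzset, localtime_r on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#define SAMPLE_EPOCH ((time_t)1200000000) /* constructed: 2008-01-10 21:20:00 UTC */
/* Format epoch t as local time under POSIX TZ rule tz (switches this process only). */
static const char *render(time_t t, const char *tz, const char *fmt, char *out, size_t n)
{
    struct tm tm;
    setenv("TZ", tz, 1);
    tzset();
    localtime_r(&t, &tm);
    if (strftime(out, n, fmt, &tm) == 0) out[0] = '\0';
    return out;
}
/* Classic syslog stamp: local wall-clock time, no year, no zone. */
const char *syslog_stamp(time_t t, const char *tz, char *out, size_t n)
{ return render(t, tz, "%b %e %H:%M:%S", out, n); }
/* Stamp that records its UTC offset, so the writer's zone need not be known. */
const char *offset_stamp(time_t t, const char *tz, char *out, size_t n)
{ return render(t, tz, "%Y-%m-%dT%H:%M:%S%z", out, n); }
/* Recover the epoch from an offset_stamp() string; (time_t)-1 on malformed input. */
time_t decode_offset_stamp(const char *s)
{
    struct tm tm = {0};
    char sign;
    int hh, mm;
    if (sscanf(s, "%d-%d-%dT%d:%d:%d%c%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday,
               &tm.tm_hour, &tm.tm_min, &tm.tm_sec, &sign, &hh, &mm) != 9
        || (sign != '+' && sign != '-'))
        return (time_t)-1;
    tm.tm_year -= 1900; tm.tm_mon -= 1;
    setenv("TZ", "UTC0", 1); /* so mktime() reads the broken-down fields as UTC */
    tzset();
    long off = hh * 3600L + mm * 60L;
    return sign == '+' ? mktime(&tm) - off : mktime(&tm) + off;
}
int main(void)
{
    const char *zones[] = { "UTC0", "CET-1", "EST5" };
    char a[32], b[40];
    for (int i = 0; i < 3; i++) {
        syslog_stamp(SAMPLE_EPOCH, zones[i], a, sizeof a);
        offset_stamp(SAMPLE_EPOCH, zones[i], b, sizeof b);
        printf("%-6s %s | %s -> %ld\n", zones[i], a, b, (long)decode_offset_stamp(b));
    }
    return 0;
}
```

A log reader correlating zone-less stamps across a timezone change has to know which zone was in force for each line; the offset-bearing form removes that dependency.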
https://bugzilla.novell.com/show_bug.cgi?id=344301#c16
--- Comment #16 from Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=344301#c17
--- Comment #17 from Ludwig Nussel