Hi,

nice ideas, which are VERY interesting.

Some history: When we started the WebYaST project, only the SCR DBUS interface of YaST was available to communicate with YaST. So almost all calls were done via SCR::Execute by starting YaST modules in command-line mode. For that, these rights were set in the RPM post-install script for the user "yastws". In order to improve security, only a "white list" of commands is valid when calling SCR::Execute (have a look at "def execute (arguments, environment=[] )" in webservice/lib/scr.rb).

Now, as more and more YaST modules provide a DBUS interface, these SCR::Execute calls are no longer needed. (I think we will change this step by step.) But now each webservice plugin has to set the special rights on its own for the user "yastws" (I assume while installing the package). So the user "yastws" has rights only for special YaST resources.

From my point of view this would fulfill the security issue. But maybe I am wrong... I have asked Ludwig about this concept and at least he has NOT said NO :-) (Ludwig, I hope you have no objections to my adding you to the discussion again. Perhaps I have missed something.)

To the other ideas:

Josef Reidinger wrote:
> Hi,
> I am studying a permissions problem on 11.1 in the language module. I found (with mvidner's help) the root of the problem in the yast dbus backend call from yast-webservice. I check in the webservice whether the user has rights (in this case root) and then I call dbus. The problem is that the dbus backend checks not against root but against the caller, which is the yastws user. So the first solution which works is to grant yastws all rights in the rpm post-script, as we do for root. But I think that this is quite a big security issue, as this means that anyone who cracks into the webservice has all rights, because he can act as the yastws user with all rights to the yast backend. This should be solved somehow.
>
> MVidner has the idea that we could run the backend as the logged-in user instead of yastws. This has the problem that we must somehow handle sending passwords and also multiuser processes (another user maybe needs another port).
In the future we will have one special (unique) port for the YaST-webservice which will be applied by an organisation (I have forgotten the name. Klaus has said that he will take care of it :-) ). So variable port addresses will not be a solution here.
> My idea is to use ssh with key authentication and execute the dbus call via this ssh, so then we can act as the logged-in user and not as yastws.
I am not sure if we are really improving our security here. Ludwig, what do you think about this suggestion?
> Any other ideas or comments?
> thanks
> JR
Greetings
Stefan

--
Stefan Schubert
SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany
e-mail: schubi@suse.de
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
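The trade-off discussed in this thread, as an added example that is not part of the original e-mails and is not WebYaST code: a toy model of a backend that authorizes only the calling account, comparing what a compromised web service process could use under each grant scheme. The class, method and permission names are hypothetical, and the per-plugin case assumes only a language plugin is installed.

```ruby
require "set"

# Toy model of the two checks in this thread. All class, method and
# permission names are hypothetical; this is not WebYaST code.
class Denied < StandardError; end

# Stands in for the D-Bus backend: it authorizes only the calling account.
class Backend
  def initialize(grants)
    @grants = grants.transform_values(&:to_set)
  end

  def allowed?(account, permission)
    @grants.fetch(account, Set.new).include?(permission)
  end

  def call(account, permission)
    raise Denied, "#{account} lacks #{permission}" unless allowed?(account, permission)
    "ok:#{permission}"
  end
end

# Web service: checks the logged-in user, then calls the backend as yastws.
def request(backend, user, permission)
  backend.call(user, permission)      # check 1: the logged-in user
  backend.call("yastws", permission)  # check 2: the backend sees only yastws
rescue Denied => e
  e.message
end

# Rights held by the service account itself, i.e. what a compromised
# web service process can use without passing check 1.
def exposed(backend, permissions)
  permissions.select { |perm| backend.allowed?("yastws", perm) }
end

ALL = %w[language.read language.write users.write system.reboot].freeze # constructed
SCENARIOS = {
  no_grants:  { "root" => ALL },                    # the failure Josef reports
  all_grants: { "root" => ALL, "yastws" => ALL },   # grant yastws everything
  per_plugin: { "root" => ALL, "yastws" => %w[language.read language.write] }
}.freeze

def outcome(name)
  backend = Backend.new(SCENARIOS.fetch(name))
  [request(backend, "root", "language.write"), exposed(backend, ALL)]
end

SCENARIOS.each_key { |name| puts "#{name}: #{outcome(name).inspect}" }
```

In this model the per-plugin scheme lets root's request succeed while limiting the service account to the two language permissions, whereas granting everything to yastws exposes all four.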