
Flexible file permissions handling at DSI Core Terminal #39

Open
qwofford opened this issue Jun 25, 2023 · 1 comment · May be fixed by #58
qwofford commented Jun 25, 2023

DSI Core Terminals read and write files through Drivers. Each file that is read or written has exactly one UID, GID, and permissions setting.

Each process is associated with a UID, an effective (default) GID, and a collection of other GIDs. The ability to read files by a GID other than the effective GID complicates the process required to write files.

Consider the following scenario:

  1. Greg launches a process with UID 1 and effective GID 2. Greg's GID collection is [1,2,3]
  2. The process instantiates a DSI Core terminal
  3. A DSI Driver reads a file with 1:3 ownership and a file with 1:2 ownership.
  4. The Core Terminal is transloaded, merging the data of both files, losing ownership. It's OK for Greg to see this.
  5. Greg calls Terminal().artifact_handler(interaction_type='put') and writes a file with the process UID and effective GID.
  6. The resulting file has 1:2 ownership, which allows someone with a 2 GID to see some metadata which should only be seen by someone with 3.

This is only one example of how this can fail. We need to treat the cases of this failure formally to ensure we create as many files as we need to maintain POSIX file security when files are written.

One way to handle this is to remember the permissions of a file that is read, and associate those permissions in the Terminal().active_metadata buffer per every column of data, and when a Terminal().artifact_handler(interaction_type='put') occurs, write a new file with the same permissions.

This is an important security feature that should be present in every DSI Driver, so it may make sense to implement this at the most fundamental Driver class available so that any downstream implementations will have the same capability. This could be a "private" method that is called in Driver().put_artifacts(...). The driver should check for this metadata, write the file with the same permissions as from the metadata, xor warn if no permissions data exists, and write metadata with UID:UID permissions and no other read, write, or execute permissions.
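
A sketch of the per-column permission bookkeeping proposed above, as an added example in Python that is not DSI's own code: the `active_metadata` layout, the `"perm"` key, the file naming and the 0o600 fallback are assumptions, and the ownership triples are constructed from the scenario in the issue.

```python
import os
import tempfile
import warnings
from collections import defaultdict
# Constructed stand-in for Terminal().active_metadata: each column records the
# (uid, gid, mode) of the file it was read from under a hypothetical "perm" key.
ACTIVE_METADATA = {
    "temperature": {"values": [300, 301], "perm": (1, 3, 0o640)},
    "pressure": {"values": [1.0, 1.1], "perm": (1, 3, 0o640)},
    "run_id": {"values": [7, 8], "perm": (1, 2, 0o644)},
    "notes": {"values": ["a", "b"]},  # read without permission metadata
}
FALLBACK_MODE = 0o600  # UID:UID only: nothing for group or other

def partition_by_ownership(metadata):
    """Group column names by their source file's (uid, gid, mode); columns
    without a record land under None and get the restrictive fallback."""
    groups = defaultdict(list)
    for name, col in metadata.items():
        groups[col.get("perm")].append(name)
    return dict(groups)

def put_artifacts(metadata, out_dir=None):
    """Write one file per distinct ownership triple; return {basename: (gid, mode)}
    as actually set. The file is owned by the running process, so only the gid
    can be restored, and only if the process belongs to that group."""
    out_dir = out_dir or tempfile.mkdtemp()
    written = {}
    for perm, names in partition_by_ownership(metadata).items():
        if perm is None:
            warnings.warn("no permission metadata for %s; using 0o600" % names)
            uid, gid, mode = os.getuid(), os.getgid(), FALLBACK_MODE
        else:
            uid, gid, mode = perm
        path = os.path.join(out_dir, "part_%d_%d_%o.csv" % (uid, gid, mode))
        # O_EXCL: never silently reuse an existing file with weaker permissions.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "w") as f:
            f.write(",".join(names) + "\n")
            for row in zip(*(metadata[n]["values"] for n in names)):
                f.write(",".join(map(str, row)) + "\n")
        os.chmod(path, mode)  # the mode given to os.open is masked by umask
        try:
            os.chown(path, -1, gid)
        except PermissionError:
            warnings.warn("cannot set group %d on %s" % (gid, path))
        st = os.stat(path)
        written[os.path.basename(path)] = (st.st_gid, st.st_mode & 0o777)
    return written
```

Columns read from the 1:3 and 1:2 files end up in separate output files, so a reader holding only GID 2 never sees the GID 3 data merged into one artifact.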

@DanielRJohnson DanielRJohnson self-assigned this Jul 3, 2023
@DanielRJohnson

Quincy touched on this a bit in the issue description, but this is a visual on how I'm imagining this solution:

[Screenshot attached: 2023-07-11 at 10:48:53 AM]

@qwofford qwofford linked a pull request Jul 19, 2023 that will close this issue
@DanielRJohnson DanielRJohnson linked a pull request Jul 31, 2023 that will close this issue