Closed lonnietc closed 3 years ago
That's currently true, yes. While applications already need to ask their parent to get access to a service, the parent currently always allows the access. So, the mechanism is in place, but a policy is missing that determines whether the app should get access. For example, one could specify in the bootscript which app has access to which service, similarly to the "provides" argument.
See: https://github.com/TUD-OS/NRE/blob/master/nre/libs/libstdc%2B%2B/subsystem/Child.cc#L45
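To illustrate the missing policy described in the reply above, here is an added C++ sketch (not NRE's code; the bootscript format, the `uses=` keyword and the child/service names are all assumptions) of a deny-by-default parent that grants a child access only to the services listed for it:

```cpp
#include <cassert>
#include <map>
#include <set>
#include <sstream>
#include <string>

// Constructed bootscript lines (format is an assumption, not NRE's): each
// child may carry a "uses=" list naming the services it is allowed to open,
// mirroring how "provides=" names the services it offers. Anything not
// listed is denied, so a child without "uses=" gets no service access.
static const char *kBootscript =
    "vga provides=console\n"
    "keyboard provides=input\n"
    "shell uses=console,input\n"
    "untrusted_app\n";

struct ChildPolicy {
  std::set<std::string> allowed;  // services this child may connect to
};

// Parse "name key=val key=val" lines into one allowlist per child.
std::map<std::string, ChildPolicy> parse_bootscript(const std::string &script) {
  std::map<std::string, ChildPolicy> pol;
  std::istringstream lines(script);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream toks(line);
    std::string name, tok;
    if (!(toks >> name)) continue;          // skip blank lines
    ChildPolicy &p = pol[name];             // child exists even without uses=
    while (toks >> tok) {
      if (tok.rfind("uses=", 0) != 0) continue;
      std::istringstream svcs(tok.substr(5));
      std::string s;
      while (std::getline(svcs, s, ',')) if (!s.empty()) p.allowed.insert(s);
    }
  }
  return pol;
}

// Parent-side decision when a child asks to connect to a service.
// Unknown child or unlisted service both yield false (deny by default).
bool may_connect(const std::map<std::string, ChildPolicy> &pol,
                 const std::string &child, const std::string &service) {
  auto it = pol.find(child);
  return it != pol.end() && it->second.allowed.count(service) != 0;
}
```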
Thanks for this wonderful information and it will be very relevant for me to keep in mind going forward on the project.
Have a great weekend, my friend.
Hi All,
I was just thinking about something that was said earlier in another post that when NRE services are loaded then the PDs have access to those services.
This makes me wonder about security such that if the services are loaded (once compiled of course and loaded at boot time)
https://github.com/TUD-OS/NRE/tree/master/nre/services
Then, is it true that any application running in any PD can get access to those services if they are compiled against the NRE libraries?
I am thinking of the case when a malicious App is created by someone compiling against the NRE libraries to create an App which is then started up in a VM in some way. Then, it seems that that particular App could gain access to the loaded services and cause harm in some way.
Would it not be better, for the services to be loaded but then only allowed to be accessed by certain Apps in their own PD such that access to loaded services is controlled tightly and ensures better PD security?
Maybe I have missed something here, or perhaps have not learned about it yet in my reading, which is under way now.
Any thoughts on this?