
Comments (9)

bellgrim commented on August 22, 2024

The permission on the token directory is set by:

${INSTALL} -d -m 700 ${DESTDIR}${softhsmtokendir}

Each object file has its permission set by:

fd = open(path.c_str(), flags, 0600);

So we currently only allow the owner to access the files. Does the owner of the files match your user account?

from softhsmv2.

vanrein commented on August 22, 2024

bellgrim commented on August 22, 2024

Also, the token directory has its permissions set by:

return (!::mkdir(fullPath.c_str(), S_IFDIR | S_IRWXU) && refresh());

The token and its objects are currently limited to the file owner. What permissions are you suggesting?

All users can set the environment variable SOFTHSM2_CONF and point to their own configuration file with a separate token directory.

vanrein commented on August 22, 2024

I propose to change the mode of /var/lib/softhsm/tokens to 1777:

  • anyone can create token subdirectories directly under /var/lib/softhsm/tokens
  • anyone can read the list of these token subdirectories
  • only the owner of the subdirectory, root or the owner of /var/lib/softhsm/tokens (which would normally be root) can remove a token subdirectory
  • this is the same regime as for /tmp
  • setting this on install -d means that /var/lib/softhsm is auto-created (if needed) with 0755, so without sticky bit, and readable/accessible to all.

The softhsmtokendir-stickybit.patch.txt implements this facility.

With this patch, I succeeded in creating new slots (numbered --slot 0 on both) with softhsm2-util from both root and user account, leading to:

shell# ls -lR var/lib
var/lib:
total 4
drwxr-xr-x 3 root root 4096 Mar 31 11:01 softhsm

var/lib/softhsm:
total 4
drwxrwxrwt 4 root root 4096 Mar 31 11:03 tokens

var/lib/softhsm/tokens:
total 8
drwx------ 2 myuser myuser 4096 Mar 31 11:03 2c9ab123-7e34-8b69-d8a7-2dc565957f76
drwx------ 2 root   root   4096 Mar 31 11:01 6fe0cd4b-dd32-77ac-898a-b66da5ca37d8

var/lib/softhsm/tokens/2c9ab123-7e34-8b69-d8a7-2dc565957f76:
total 8
-rw------- 1 myuser myuser   8 Mar 31 11:03 generation
-rw------- 1 myuser myuser   0 Mar 31 11:03 token.lock
-rw------- 1 myuser myuser 320 Mar 31 11:03 token.object

var/lib/softhsm/tokens/6fe0cd4b-dd32-77ac-898a-b66da5ca37d8:
total 8
-rw------- 1 root root   8 Mar 31 11:02 generation
-rw------- 1 root root   0 Mar 31 11:01 token.lock
-rw------- 1 root root 320 Mar 31 11:01 token.object

Running this as the user, the token of root cannot be entered, though the directory 6fe0cd4b-dd32-77ac-898a-b66da5ca37d8 is shown:

shell$ ls -R var/lib/softhsm/tokens/*
var/lib/softhsm/tokens/2c9ab123-7e34-8b69-d8a7-2dc565957f76:
generation  token.lock  token.object
ls: cannot open directory var/lib/softhsm/tokens/6fe0cd4b-dd32-77ac-898a-b66da5ca37d8: Permission denied

shell$ rm -rf var/lib/softhsm/tokens/6fe0cd4b-dd32-77ac-898a-b66da5ca37d8/
rm: cannot remove `var/lib/softhsm/tokens/6fe0cd4b-dd32-77ac-898a-b66da5ca37d8': Permission denied

The one thing leaking here is that root has a token; but the hash is random (I presume) and reveals nothing; anything inside the directory is for root and root alone. This is the desired result.

I will comment on the other part(s) separately.

PATCH

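As an added illustration (not code from this thread or from SoftHSM), a small Python audit of the permission regime proposed above: tokens directory 1777, each token subdirectory 0700, each object file 0600. The fixture layout and the weakened 0777 case are constructed here to mirror the ls -lR listing; a token directory owned by another user is skipped, just as the user in the thread could not enter root's token.

```python
import os
import stat
import tempfile
TOKENS_MODE = 0o1777    # tokens dir as patched: world-writable plus sticky bit
TOKEN_DIR_MODE = 0o700  # each token subdirectory: S_IRWXU, owner only
OBJECT_MODE = 0o600     # each object file: owner only

def mode_of(path):
    return stat.S_IMODE(os.lstat(path).st_mode)

def audit_token_tree(tokens_dir):
    """Return findings for a SoftHSM-style token tree; an empty list means it matches the regime."""
    findings = []
    if mode_of(tokens_dir) != TOKENS_MODE:
        findings.append(f"{tokens_dir}: mode {mode_of(tokens_dir):o}, expected {TOKENS_MODE:o}")
    for name in sorted(os.listdir(tokens_dir)):
        sub = os.path.join(tokens_dir, name)
        if mode_of(sub) != TOKEN_DIR_MODE:
            findings.append(f"{sub}: mode {mode_of(sub):o}, expected {TOKEN_DIR_MODE:o}")
        try:
            entries = os.listdir(sub)
        except PermissionError:
            continue  # another user's token: we cannot enter it, exactly as the thread shows
        for fname in sorted(entries):
            path = os.path.join(sub, fname)
            if mode_of(path) != OBJECT_MODE:
                findings.append(f"{path}: mode {mode_of(path):o}, expected {OBJECT_MODE:o}")
    return findings

def build_fixture(root):
    """Constructed layout mirroring the ls -lR output above: one token with three object files."""
    tokens = os.path.join(root, "tokens")
    os.mkdir(tokens)
    os.chmod(tokens, TOKENS_MODE)  # chmod rather than mkdir mode, since mkdir is masked by umask
    token = os.path.join(tokens, "2c9ab123-7e34-8b69-d8a7-2dc565957f76")
    os.mkdir(token)
    os.chmod(token, TOKEN_DIR_MODE)
    for fname in ("generation", "token.lock", "token.object"):
        path = os.path.join(token, fname)
        open(path, "w").close()
        os.chmod(path, OBJECT_MODE)
    return tokens

def demo():
    """Audit the fixture, then again after dropping the sticky bit to a plain 0777 tokens dir."""
    with tempfile.TemporaryDirectory() as root:
        tokens = build_fixture(root)
        clean = audit_token_tree(tokens)
        os.chmod(tokens, 0o777)  # the weak setting: anyone could remove another user's token dir
        return clean, audit_token_tree(tokens)
```

Run against a real /var/lib/softhsm/tokens the audit only inspects what the calling user may read; run it as root to cover every token subdirectory.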

vanrein commented on August 22, 2024

My proposal to use setuid/setgid on directories is not as helpful as I had expected. Only setgid is reliably implemented across POSIX systems.

Setting setuid would have avoided that root, when operating on a user's repository, could have introduced new files with new ownership. Alas, this will not work.

Setting setgid alone is possible, but its merits are limited since we do not, by default, create files accessible to the group, for security reasons. Setting the "setgid" bit on the directory would be useful when we would have been interested in group access to the token.

So, in retrospect, this part of my proposal is not as doable as I initially imagined. Sorry.

The impact of not adding setuid/setgid on the token's UUID-style directory name is that root may create objects that the user cannot access. The patch provided in my foregoing comment makes this visible.


bellgrim commented on August 22, 2024

Are there any more changes you would like to include, or are you happy with #206 as a solution to this topic?

vanrein commented on August 22, 2024

What I would like to add won't make a portable solution, and so it should go. So what I propose is what is in this thread now, and nothing more.


vanrein commented on August 22, 2024

Just noticed the ref to #206 -- yes, that makes me happy. Thanks!

bellgrim commented on August 22, 2024

Thanks, the code has now been merged.
