DDS-Security 1.0 FTF
  1. OMG Issue

DDSSEC_-122 — Default permissions for partitions are too broad

  • Key: DDSSEC_-122
  • Status: closed
  • Source: Real-Time Innovations (Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    In section 9.4.1.3.2.3.1.2 (Publish Section) in the second to last paragraph it says:

    If there is no <partitions> Section then the rule allows publishing on any partition.

    Similarly in section 9.4.1.3.2.3.1.3 (Subscribe Section) in the second to last paragraph it also says:

    If there is no <partitions> Section then the rule allows subscribing on any partition.

    This seems to give too broad default permissions for 'allow rules', which can result in users incorrectly allowing what they did not intend.
    It is considered best practice for allow rules to require explicit listing of what is allowed and to default to not allowing what is not explicitly stated.

    Therefore it is suggested that the following changes are made.


    In section 9.4.1.3.2.3.1.2 (Publish Section) in the second to last paragraph replace

    If there is no <partitions> section then the rule allows publishing on any partition.
    With:
    If there is no <partitions> section then the rule allows publishing only in the "empty string" partition. See PARTITION QosPolicy entry in Qos Policies table of section 2.2.3 (Supported Qos) of the DDS Specification version 1.4.


    In section 9.4.1.3.2.3.1.3 (Subscribe Section) in the second to last paragraph replace:

    If there is no <partitions> section then the rule allows subscribing on any partition.
    With:

    If there is no <partitions> section then the rule allows subscribing only in the "empty string" partition. See PARTITION QosPolicy entry in Qos Policies table of section 2.2.3 (Supported Qos) of the DDS Specification version 1.4.

  • Reported: DDS-Security 1.0b1 — Sun, 27 Dec 2015 15:29 GMT
  • Disposition: Resolved — DDS-Security 1.0
  • Disposition Summary:

    Modify 9.4.1.3.2.3.1.2 and 9.4.1.3.2.3.1.3 to specify that if no partitions are specified, permissions are limited to the empty partition.

    As noted in the issue description it is safer for the allow behavior to default to narrower permissions. For this reason the changes suggested in the issue description should be applied.

  • Updated: Tue, 12 Jul 2016 14:45 GMT
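The following is an added example for this issue, not code from the DDS-Security specification or from any DDS vendor. It evaluates a constructed permissions document against publish/subscribe requests under both readings of a missing <partitions> section: the original text (any partition) and the resolution (only the empty-string partition, which is the partition a DataWriter or DataReader with no PARTITION QoS belongs to). It assumes a simplified model: only <allow_rule> elements and the grant's <default> are evaluated, domain ids are ignored, and topic and partition expressions are matched with fnmatch()-style wildcards.

```python
"""Evaluate DDS-Security publish/subscribe permissions under the old and the
resolved semantics for an allow rule that omits its <partitions> section.

Added example for issue DDSSEC_-122; not code from the DDS-Security
specification or from any vendor. Assumptions: only <allow_rule> and the
grant's <default> are evaluated, <domains> are ignored, and topic/partition
expressions are fnmatch()-style patterns.
"""
import fnmatch
import xml.etree.ElementTree as ET

# Constructed permissions document (not from the spec). The <publish> rule has
# no <partitions> section; the <subscribe> rule lists partitions explicitly.
PERMISSIONS_XML = """<dds>
  <permissions>
    <grant name="ExampleGrant">
      <subject_name>CN=ExampleParticipant</subject_name>
      <allow_rule>
        <domains><id>0</id></domains>
        <publish>
          <topics><topic>Telemetry*</topic></topics>
        </publish>
        <subscribe>
          <topics><topic>Commands</topic></topics>
          <partitions>
            <partition>ops</partition>
            <partition>ops-*</partition>
          </partitions>
        </subscribe>
      </allow_rule>
      <default>DENY</default>
    </grant>
  </permissions>
</dds>"""


def parse_allow_rules(xml_text):
    """Return (rules, default). Each rule is a dict with 'action', 'topics' and
    'partitions'; 'partitions' is None when the <partitions> section is absent,
    which is the case this issue is about."""
    root = ET.fromstring(xml_text)
    grant = root.find("./permissions/grant")
    rules = []
    for allow in grant.findall("allow_rule"):
        for action in ("publish", "subscribe"):
            for section in allow.findall(action):
                topics = [t.text or "" for t in section.findall("./topics/topic")]
                parts_el = section.find("partitions")
                partitions = None
                if parts_el is not None:
                    partitions = [p.text or "" for p in parts_el.findall("partition")]
                rules.append({"action": action, "topics": topics, "partitions": partitions})
    default = (grant.findtext("default") or "DENY").strip().upper()
    return rules, default


def _matches_any(patterns, value):
    return any(fnmatch.fnmatchcase(value, pat) for pat in patterns)


def rule_matches(rule, action, topic, partition, strict_default=True):
    """True if the rule grants `action` on `topic` in `partition`.

    strict_default=True applies the resolved text (no <partitions> means only
    the "" partition); strict_default=False applies the original 1.0b1 text
    (no <partitions> means any partition)."""
    if rule["action"] != action or not _matches_any(rule["topics"], topic):
        return False
    if rule["partitions"] is None:
        return partition == "" if strict_default else True
    return _matches_any(rule["partitions"], partition)


def decide(xml_text, action, topic, partition, strict_default=True):
    """Return "ALLOW" if any allow rule matches, else the grant's default."""
    rules, default = parse_allow_rules(xml_text)
    if any(rule_matches(r, action, topic, partition, strict_default) for r in rules):
        return "ALLOW"
    return default


if __name__ == "__main__":
    requests = [
        ("publish", "Telemetry/Position", ""),
        ("publish", "Telemetry/Position", "internal"),
        ("subscribe", "Commands", "ops-east"),
        ("subscribe", "Commands", ""),
    ]
    print(f"{'action':<10} {'topic':<20} {'partition':<10} {'1.0b1':<6} {'resolved':<8}")
    for action, topic, partition in requests:
        before = decide(PERMISSIONS_XML, action, topic, partition, strict_default=False)
        after = decide(PERMISSIONS_XML, action, topic, partition, strict_default=True)
        print(f"{action:<10} {topic:<20} {partition or '(empty)':<10} {before:<6} {after:<8}")
```

Running the script prints one row per request; the only row that changes between the two readings is the publish on the "internal" partition, which the 1.0b1 text allowed and the resolved text denies. The subscribe rule is unaffected either way because it lists its partitions explicitly, and note that an explicit list does not include the empty-string partition unless it is written as `<partition></partition>`.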