Hi all, hi Pawel,

On Saturday, 22 November 2014 at 13:54 +0100, Pawel Sikorski wrote:

<snip>

> platform/core/security/key-manager

<snip>

> As for the extraction of signature levels (platform, public, partner),
> originally, wrt-installer used a package used cert-svc repository,
> module vcore. 
> 
> I will discuss this item more with Security Team and let you know the
> output.

<snip>

Thank you for your investigation. I had no time to check today but will
try tomorrow... maybe.

However, I want to point out the fact that computing the privilege level
is a very sensitive operation: it has to be fully trusted.

IIRC, the security manager that currently is in charge of recording the
privileges in Cynara's database is not checking the level of privileges.
Then, any program with the correct privilege for using the
security-manager features will be allowed to install an application with
any privilege of any level.

It shows how setting common code for installers is beneficial: all
of its derived installers will gain a trusted common piece of code for
computing the privilege level.

This model is very simple and only needs the installers to be trusted. It
also requires that the APIs of the security manager are filtered on specific
privileges of high level.

Another model would be to have a specific service to manage the
privilege levels. But this way looks very impractical and should be
considered only if the privilege level has to be checked in other
places than installers.


HERE IS THE QUESTION: Is the computation of the privilege level based on
the signature chain used only in installers?


I would like to insist on the importance of this aspect of the security.

Best regards
José Bollo



_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev