Allow ROS2 CLI to support Security #69
Comments
Interesting points. I agree that (2) seems like a more general solution. I don't think there is any loss of security by going that route, since people could already change the node name during invocation anyway on the command line. Ideally it would also be possible to provide some "syntactic sugar" variable and/or command-line switch to handle the common case (namely, removing the PID suffix when looking up the node name in the security artifact directory tree).
That would also be a good idea! I did something similar in SROS1 to enable roslaunch/ros-topic/ros-etc, but it was sort of hacky and just searched for PID patterned suffixes and stripped them: I suppose we could signal and
Still not sure how to handle the service caller or topic publisher though: Perhaps this an
Hi, I've started a related discussion on Discourse: https://discourse.ros.org/t/ros2-security-cli-tools/6647 - would appreciate your input.
* Expand node_secure_root using local_namespace
* rcutils_normalize_path -> rcutils_to_native_path
* correct comments and docblock
* node_root_norm -> node_root_path
* normalized -> native
* Adding TODOs for function reuse
* Adding Null check node_secure_root
* Adding override for ROS_SECURITY_NODE_DIRECTORY Addressing ros2/sros2#69
* Change from strcpy to memcpy

Signed-off-by: Ruffin White <[email protected]>
The following PRs addressing this issue have landed:
When using CLI tooling or debugging nodes, users may set Next step is to document this feature and intended use pattern. Would the README file here be most appropriate, or would github.com/ros2/ros2_documentation be better suited to hosting this? ping @clalancette
I think putting it in https://github.com/ros2/ros2_documentation would give it the most visibility, so I'd vote for putting it there. @tfoote may have some further advice.
Looking at github.com/ros2/ros2_documentation just now, it seems like it's in a peculiar state. I can't immediately recognize if it's supposed to be a ROS2-wide wiki, or just a collection of unorganized docs for core ROS2 packages, or something else. I made a comment about it here: https://discourse.ros.org/t/ros-2-documentation-home-moving-to-index-ros-org-doc-ros2/6612/8
As the relevant PRs have been merged for both the @ruffsl are there any remaining action items here?
Mission accomplished 🚀
The ROS2 CLI utilizes a node_name_suffix to ensure a unique node name by including the process's pid:
https://github.com/ros2/ros2cli/blob/e5f67d0e0362462644a5530094fac43af84ca938/ros2cli/ros2cli/node/direct.py#L36-L38
This makes it difficult to provide any CLI the necessary root dir for its security artifacts at runtime.
I see a few solutions:
ROS_SECURITY_ROOT_DIRECTORY
, e.g.: ROS_SECURITY_NODE_DIRECTORY ?

I like 2) as it would allow users to override the normal root lookup when using any CLI or debugging nodes with separate temporary credentials provisioned with super privileges, e.g. "*" permissions for all topics.
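The lookup problem described in this issue body, together with the PID-suffix "syntactic sugar" suggested in the first comment, as an added Python example that is not code from ros2cli or sros2: `node_secure_root` resolves the artifact directory from ROS_SECURITY_ROOT_DIRECTORY plus the node's namespace and name, honours ROS_SECURITY_NODE_DIRECTORY as an override (option 2 above), and can optionally strip a trailing `_<pid>` suffix. The `_<pid>` suffix format, the helper names and the constructed keystore layout in the demo are assumptions; the real SROS2 on-disk file layout is not reproduced.

```python
import os
import re
from typing import Mapping, Optional

# Assumption for this example: ros2cli appends "_<pid>" to the CLI node name.
# The exact suffix format is not stated in the issue.
_PID_SUFFIX = re.compile(r"_\d+$")


def strip_pid_suffix(node_name: str) -> str:
    """Drop a trailing "_<digits>" suffix so "ros2cli_12345" becomes "ros2cli"."""
    return _PID_SUFFIX.sub("", node_name)


def node_secure_root(node_name: str, namespace: str, env: Mapping[str, str],
                     strip_pid: bool = False) -> Optional[str]:
    """Resolve the directory that should hold a node's security artifacts.

    Resolution order:
      1. ROS_SECURITY_NODE_DIRECTORY, if set, is used verbatim (the override
         proposed as option 2 in the issue).
      2. Otherwise ROS_SECURITY_ROOT_DIRECTORY/<namespace parts>/<node_name>.
    Returns None when neither variable is set, so callers can fail closed
    instead of silently starting an unsecured node.
    """
    override = env.get("ROS_SECURITY_NODE_DIRECTORY")
    if override:
        return os.path.normpath(override)

    root = env.get("ROS_SECURITY_ROOT_DIRECTORY")
    if not root:
        return None

    name = strip_pid_suffix(node_name) if strip_pid else node_name
    # Namespace "/" maps to the root itself; "/demo/a" maps to root/demo/a.
    ns_parts = [part for part in namespace.split("/") if part]
    return os.path.normpath(os.path.join(root, *ns_parts, name))


def lookup_status(node_name: str, namespace: str, env: Mapping[str, str],
                  strip_pid: bool = False) -> str:
    """Report whether the resolved artifact directory exists on disk.

    Shows why a PID-suffixed CLI node name misses its artifacts under the
    root directory unless the suffix is stripped or an override is set.
    """
    path = node_secure_root(node_name, namespace, env, strip_pid)
    if path is None:
        return "security not configured"
    return "found" if os.path.isdir(path) else "missing: " + path


if __name__ == "__main__":
    import tempfile

    # Constructed keystore layout: only the un-suffixed "ros2cli" node exists.
    with tempfile.TemporaryDirectory() as keystore:
        os.makedirs(os.path.join(keystore, "ros2cli"))
        env = {"ROS_SECURITY_ROOT_DIRECTORY": keystore}
        print(lookup_status("ros2cli_12345", "/", env))                  # missing: <keystore>/ros2cli_12345
        print(lookup_status("ros2cli_12345", "/", env, strip_pid=True))  # found
        env["ROS_SECURITY_NODE_DIRECTORY"] = os.path.join(keystore, "ros2cli")
        print(lookup_status("ros2cli_12345", "/", env))                  # found
```

Keeping the override as a separate variable, rather than rewriting the node name, has a practical security benefit: the temporary, broadly permissioned credential mentioned above lives outside the production keystore tree, so it can be scoped to one shell session and deleted independently of the per-node artifacts.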