[pve-devel] [PATCH qemu-server v7 1/1] api: update: check 'admin' tags privileges

Dominik Csapak d.csapak at proxmox.com
Thu Sep 15 13:46:05 CEST 2022


On 9/14/22 16:15, Aaron Lauterer wrote:
> Something that crossed my mind:
> 
> Have you thought about not allowing tags if they match an admin tag, except for the '+'?
> Depending on what they will be used for in the future, there could be some potential to trick an 
> admin by creating a similar regular tag. Any code relying on admin tags should not have an issue 
> with that, but even though the color in the GUI should be different, one could try to trick an admin 
> to do something they should not, depending on the tags.
> Visual spoofing with similar looking UTF8 characters should not be much of an issue, due to the 
> regex used.
> 
> 

i get what you mean, but it's difficult to implement. in the current version,
we only ever have the tags currently defined, not the global defined ones.

alternatively we could let an admin define a set of admin tags in the cluster,
which could then be off-limits for setting/removing for non-admins

that would potentially also solve the problem of having a seperate regex
for them in the first place

as for confusion: admin tags always are prefixed with a '+' symbol currently
so, imho '+backup' and 'backup' are different enough?

> On 6/21/22 11:19, Dominik Csapak wrote:
>> normal tags require 'VM.Config.Options' on the VM, admin tags require
>> 'Sys.Modify' on '/'
>>
>> a user can set/delete/reorder tags, as long as no admin tags get
>> added/removed
>>
>> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> 
> 
> [...]






More information about the pve-devel mailing list