EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Format page
for printing


Search Tech-talk
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>
Subject: Re: About ASG usage
From: Andrew Johnson <[email protected]>
To: [email protected]
Date: Thu, 21 Apr 2011 18:18:37 -0500 
Hi,

On Thursday 21 April 2011 05:04:42 [email protected] wrote:
> 
> I'm worndering if there is a way for a record on an IOC to
> allow all hosts except a specific host to access the record
> by using ASG.
> 
> Is there any way to achieve this in a simple fashion?

Not with the current access security code.  It might be an interesting project 
to implement excluded hosts like that, but I am concerned that people writing 
access security files might easily get confused as to what excluding a list of 
hosts might mean.  Suppose we implemented the ability to exclude a list of 
hosts and wrote a rule like this:

HAG(bad-hosts) {bad1, bad2}
ASG(DEFAULT) {
    RULE(1, READ) {
        HAG(!bad-hosts)
    }
    RULE(1, WRITE) {
        HAG(!bad-hosts)
    }
}

That seems straight-forward and should prevent the bad-hosts from accessing 
those PVs.  However this extended version could be dangerous:

HAG(bad-hosts) {bad1, bad2}
HAG(ro-hosts) {ro1, ro1}
ASG(DEFAULT) {
    RULE(1, READ) {
        HAG(!bad-hosts)
    }
    RULE(1, WRITE) {
        HAG(!bad-hosts, !ro-hosts)
    }
}

The author's intention was to allow read-only access to the ro-hosts, but the 
write rule actually allows *any* host to write to the PVs (although the bad-
hosts still can't read them).

I'm not saying that it would be impossible to fix, but I would want to see the 
modified documentation explaining how multiple HAGs involving exclusions like 
this interact and some test routines before the code was merged into an 
official release of Base.

It is also important to remember though that the CA client's hostname is sent 
over the network from the client program and can easily be spoofed, so an 
exclusion rule like this would not provide any protection from a malicious 
user who is allowed to run their own CA client programs on that specific host 
(but an inclusion rule doesn't either if the user can set their own hostname).

- Andrew
-- 
An error is only a mistake if you don't learn from it.
When you learn something from it, it becomes a lesson.
Replies:
Re: About ASG usage jun-ichi.odagiri
References:
About ASG usage jun-ichi.odagiri
Navigate by Date:
Prev: RE: Handling of String Array in CaChannel library Jeff Hill
Next: Re: seq-2-0-13-rc2 Benjamin Franksen
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: About ASG usage jun-ichi.odagiri
Next: Re: About ASG usage jun-ichi.odagiri
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·