🎉 RootAsRole v3.0.0 is Here! 🎉
What Does This Mean? 🚀
This release marks a huge milestone for RootAsRole! After months of dogfooding RootAsRole in my own setup without a hitch, I'm excited to finally say: we’re ready for deployment!
In addition to thorough automatic unit testing, I’ve been hard at work reviewing CVEs from both the Sudo-rs and sudo projects, ensuring RootAsRole remains secure and solid. Along the way, I squashed some bugs (all tracked in the commits), further polishing the reliability of the tool.
One major update: we've extracted the "capable" tool into a separate repository—it's a bit of a heavyweight right now and not quite ready for daily production. This way, RootAsRole stays lean and clean, with a lighter development environment for you.
What's New? ✨
- 🛠 Tons of fixes following daily personal use, making RootAsRole smoother than ever!
- 🌟 "capable" has a new home in its own repo: RootAsRole-capable.
- 🤖 Automated deployments with easy-to-use .deb and .rpm packages.
- ⚡️ Simplified installation process and streamlined dependencies.
- 🧑‍💻 Optimized binaries that now require fewer C libraries—just libc for chsr, and pcre2 + pam (and libc) for sr.
And since v2.X, what happened?
It's been a long journey. In October 2021, I started my PhD on the principle of least privilege, a logical continuation of my previous work during a second-year graduate internship. Two years later, I'm delighted to have deepened my research and significantly improved RootAsRole, in line with the state of the art and usability principles.
When I took over this project, I initially set out to make it ‘usable’ and ‘reliable’, so that it would provide accurate and fancy results for the research articles I was writing. However, as I worked on the new features, I discovered that managing memory security was impacting my productivity, as I had to continually check previously developed elements, in the fear of missing something that could be a big issue.
That's when I discovered Rust, a good solution for my fears! During a holiday, I decided to immerse myself in this language by completely rewriting RootAsRole. What a complex language! But right from the start, I knew that this work would save me a considerable amount of time.
Since version 2.X, it had become clear to me that there was a conceptual problem with RootAsRole. So I scrupulously followed the RBAC standards and their various variants (RBAC-0, OrBAC, etc.), which enabled me to clarify the conceptualisation of the tool. A quick note: in examining a lot of code, I've noticed that many libraries and services claiming to implement RBAC are mistaken.
I quickly implemented RBAC-0, then I implemented the static separation of roles, the hierarchy of roles in ‘plugins’, judging that they were not necessarily necessary in personal environments for example. I also rewrote the configuration file in JSON rather than XML, because no library provided all the functionality needed in XML (DTD, comment management). Conceptually, the policy is sufficiently structured to be stored in a relational database. I therefore decided to split the configuration in two: a ‘fixed’ part containing information about the policy, and the policy itself stored in another file, or directly integrated into the same file in JSON. I've also set up a versioning mechanism and a transparent update of the configuration and the policy.
chsr is a difficult policy modification tool to conceptualise. I looked for complex commands that had very good clarity, and I took inspiration from the ip and nftables commands for the organisation of my command. To do this, I had to learn how to write a grammar for a parser, and I discovered the pest library, which allowed me to do this easily with Rust.
Also, I had this thought: if you give administrator rights to a user, he can change the policy and roles, which is not desirable. So I made the RootAsRole configuration immutable with the chattr +i file system attribute. Also, I've gained a better understanding of everything that's possible with Linux capabilities, but above all everything that's really useful and practical for a privilege management tool.
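Added example, not RootAsRole code and not written by the project's author: the attribute set by chattr +i can only be set or cleared by a process holding CAP_LINUX_IMMUTABLE, so the protection holds as long as delegated privileges exclude that capability. The code below parses the capability masks from /proc/<pid>/status text and reports which sets contain it; the two sample inputs and all function names are constructed for illustration.

```rust
use std::fs;

/// CAP_LINUX_IMMUTABLE is capability number 9 in linux/capability.h.
const CAP_LINUX_IMMUTABLE: u32 = 9;
/// Capability set fields, in the order they appear in /proc/<pid>/status.
const SETS: [&str; 5] = ["CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"];

// Constructed sample: a task that was granted CAP_LINUX_IMMUTABLE (mask 0x200).
const SAMPLE_PRIVILEGED: &str = "Name:\tdemo\nCapInh:\t0000000000000000\n\
CapPrm:\t0000000000000200\nCapEff:\t0000000000000200\n\
CapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n";
// Constructed sample: no capabilities, and bit 9 removed from the bounding set.
const SAMPLE_DROPPED: &str = "Name:\tdemo\nCapInh:\t0000000000000000\n\
CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n\
CapBnd:\t000001fffffffdff\nCapAmb:\t0000000000000000\n";

/// Extract one hexadecimal capability mask (e.g. "CapEff") from status text.
fn cap_mask(status: &str, field: &str) -> Option<u64> {
    status.lines().find_map(|line| {
        let (name, value) = line.split_once(':')?;
        if name.trim() != field {
            return None;
        }
        u64::from_str_radix(value.trim(), 16).ok()
    })
}

/// True when the mask contains CAP_LINUX_IMMUTABLE.
fn has_immutable_cap(mask: u64) -> bool {
    mask & (1u64 << CAP_LINUX_IMMUTABLE) != 0
}

/// Sets that contain the capability. CapEff means the flag can be cleared now;
/// CapBnd alone means the capability could still be acquired on a later execve.
fn immutable_exposure(status: &str) -> Vec<&'static str> {
    SETS.iter()
        .copied()
        .filter(|f| cap_mask(status, f).map_or(false, has_immutable_cap))
        .collect()
}

fn main() {
    // Audit the current process, falling back to the constructed sample off Linux.
    let status = fs::read_to_string("/proc/self/status")
        .unwrap_or_else(|_| SAMPLE_PRIVILEGED.to_string());
    println!("self: {:?}", immutable_exposure(&status));
    println!("dropped sample: {:?}", immutable_exposure(SAMPLE_DROPPED));
}
```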
Speaking of performance, I was able to run an initial benchmark between the version of sudo (C version) installed on my machine and RootAsRole. I was pleasantly surprised to find that RootAsRole was around 60% faster than sudo for the simple ‘sr ls’ and ‘sudo ls’ commands. However, further tests are needed to confirm these results and explain why there is such a huge difference.
Today, I'm proud to present RootAsRole 3.0, a complete, secure and easy-to-use role management tool. I hope you'll find it useful and enjoy using it as much as I enjoyed developing it. Don't hesitate to send me your feedback, I'm always interested in your suggestions for improving this tool. I'm counting on you to help me to make it even more secure, efficient, useful and reliable.
As capable is now in its own repository, I have many objectives, aligning with my PhD studies, and this is so exciting! So tomorrow, I am focusing on this tool that helps configure RootAsRole.
In the future, I intend to continue to maintain the project, study proposals and improve RootAsRole.
Full Changelog:
Check out all the details here.
Thank you all!
Eddie