From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id B4C0C92F5A for ; Thu, 15 Sep 2022 13:46:38 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A2F7A7E1F for ; Thu, 15 Sep 2022 13:46:08 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 15 Sep 2022 13:46:07 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 79473442E5; Thu, 15 Sep 2022 13:46:06 +0200 (CEST) Message-ID: <70445d4c-9793-dd7e-fecc-e7832a4cb900@proxmox.com> Date: Thu, 15 Sep 2022 13:46:05 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Thunderbird/105.0 Content-Language: en-US To: Aaron Lauterer , Proxmox VE development discussion References: <20220621092012.1776825-1-d.csapak@proxmox.com> <20220621092012.1776825-10-d.csapak@proxmox.com> <8856001e-0872-2032-3d60-2408845ffcda@proxmox.com> From: Dominik Csapak In-Reply-To: <8856001e-0872-2032-3d60-2408845ffcda@proxmox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.879 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -1.583 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pve-devel] [PATCH qemu-server v7 1/1] api: update: check 'admin' tags privileges X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Sep 2022 11:46:38 -0000 On 9/14/22 16:15, Aaron Lauterer wrote: > Something that crossed my mind: > > Have you thought about not allowing tags if they match an admin tag, except for the '+'? > Depending on what they will be used for in the future, there could be some potential to trick an > admin by creating a similar regular tag. Any code relying on admin tags should not have an issue > with that, but even though the color in the GUI should be different, one could try to trick an admin > to do something they should not, depending on the tags. > Visual spoofing with similar looking UTF8 characters should not be much of an issue, due to the > regex used. > > i get what you mean, but it's difficult to implement. in the current version, we only ever have the tags currently defined, not the global defined ones. alternatively we could let an admin define a set of admin tags in the cluster, which could then be off-limits for setting/removing for non-admins that would potentially also solve the problem of having a seperate regex for them in the first place as for confusion: admin tags always are prefixed with a '+' symbol currently so, imho '+backup' and 'backup' are different enough? > On 6/21/22 11:19, Dominik Csapak wrote: >> normal tags require 'VM.Config.Options' on the VM, admin tags require >> 'Sys.Modify' on '/' >> >> a user can set/delete/reorder tags, as long as no admin tags get >> added/removed >> >> Signed-off-by: Dominik Csapak > > > [...]