Mastodawn

You have an agent running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run an agent" because while yes I see your point that doesn't mean it's not happening and security professionals have to deal with what's happening not what we want to be happening)

Show thread

robryk 2d ago

@mjg59

a) have target services accept some kind of fine-grained capabilities for authz (fat chance...),
b) proxy everything and apply your policies at single RPC level (but then some RPCs will not contain enough information to authz them and your proxy will need to either keep state, or make its own requests to gather that information),
c) allow agent access to running noninteractive shell commands as you (with all permissions you have) and have a policy on what it can run (it's less bad than doing the same when the commands are human-sourced, because you can allow for less variety and let agent figure it out; it's still very easy to mess up),
b') allow agent access to a small RPC service that you throw together that takes requests that are high-level enough so that you can apply policy to them and then translates them into actual lower-level ones.

None of these are particularly good (except for a which is unlikely to ever work). I'd personally do (b) if it can work with a stateless proxy and otherwise would likely do b' or c depending on how much in a hurry I was.

Show thread

Matthew Garrett

@robryk (b) is the best I've been able to identify so far and also nobody seems to sell a solution for that that isn't trying to do far too many other things as well

Show thread

robryk 2d ago

@mjg59 It's somewhat similar to what Google's boundary proxy in third-party-operated DCs does (at least the policy part of it). Sadly, I don't think any part of that is either open source or offered to people in any other setting (and it also does a bunch of things related to different roots of trust that wouldn't make sense here).

Show thread

Andrew 1d ago

@mjg59 @robryk I was going to suggest (b). It sounds an awful lot like an API Firewall. Put the auth tokens in the API fw, you could also inspect any fields being passed in, and out. Both if these would also help with data loss prevention.

Individual users/agents could have their access managed by authz tokens.

Could also proxy file shares so could tie those down.

Arrange for all outbound access from the agent to go via the API Firewall just to be sure.