[ros-users] [Discourse.ros.org] [Next Generation ROS] ROS2 Security: CLI tools
ruffsl
ros.discourse at gmail.com
Fri Nov 2 05:18:18 UTC 2018
[quote="aalon, post:4, topic:6647"]
Unless Im missing something, youd still have to specify the override directory, so the best we could do with that approach would probably look like:
`ros2 <verb> <action> --sdir="~/cli_sec_dir"`
[/quote]
An alternative might be to support `ros2 run` like args in more general ros2clis, like:
```
ros2 topic echo /chatter __ns:/ __node:listener
```
[quote="aalon, post:4, topic:6647"]
To minimize confusion or unexpected behavior, the node could print a log message that says which security directory was loaded.
[/quote]
:+1: I would also appreciate a log entry for location of the resolved security directory used. That'd make debugging missing or invalid security artifacts easier, knowing exactly where the node was looking first.
[quote="gbiggs, post:5, topic:6647"]
It was [this post ](https://github.com/ros2/design/pull/193#issuecomment-430372904) in the context of the actions design discussion.
I see that he was referring to topics and you are talking about directories on the file system, so probably its not relevant?
[/quote]
Yes, that was my little rant against core ros2 subsystems embedding uncontrollable dynamic strings in namespaced resources, making static access control infeasible; thus necessitating the use of wild card expressions for even basic features like actions. My cautionary stance towards longest-prefix matching lookup remains, but geven node names in general are controllable/accountable its not as bad as embedding a GUID/PID number in a object namespace.
---
[Visit Topic](https://discourse.ros.org/t/ros2-security-cli-tools/6647/8) or reply to this email to respond.
More information about the ros-users
mailing list