Apache Baremaps Security Model
This document describes the security assumptions and roles for Apache Baremaps. It clarifies who is trusted and their responsibilities.
Roles
- Administrator: Administrates Apache Baremaps, managing the system, configurations, tasks, and data through the CLI or other administrative interfaces.
- User: Uses Apache Baremaps through limited, controlled interfaces such as the web interface or API.
Trust Model
Security Assumptions
- Administrators are fully trusted and responsible for the security of the system and application.
- Configuration files and data sources are managed exclusively by trusted administrators.
Security Boundaries
- Apache Baremaps relies entirely on trusted administrators to manage files and data.
- Risks such as file path traversal are low because only administrators have access to critical configuration and data inputs.
Example: Partial Path Traversal Vulnerability in Zip Files
Administrator-provided files are trusted. For instance, if an administrator uses a zip file with a path traversal vulnerability, Apache Baremaps does not systematically sanitize the content, as the administrator is expected to ensure the integrity of the files.
User-provided files are not trusted. For instance, if a user uploads a file through an HTTP endpoint, Apache Baremaps must systematically sanitize and validate the content to block partial path traversal attacks.
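The validation described above for user-provided archives, as an added example that is not Baremaps code: it contrasts a string-prefix check, which lets a partial path traversal through, with an element-wise path check. The class SafeUnzip, its method names and the sample paths are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

// Added example; SafeUnzip and its methods are hypothetical names, not Baremaps code.
public final class SafeUnzip {

  // Flawed check: a string prefix test also accepts sibling directories whose
  // name merely begins with the target's name (partial path traversal).
  static boolean isInsideByString(Path targetDir, String entryName) {
    String resolved = targetDir.resolve(entryName).normalize().toString();
    return resolved.startsWith(targetDir.toString());
  }

  // Hardened check: Path.startsWith compares whole path elements, so only
  // real descendants of targetDir pass. Absolute entry names are rejected too.
  static Path resolveInside(Path targetDir, String entryName) throws IOException {
    Path base = targetDir.toAbsolutePath().normalize();
    Path resolved = base.resolve(entryName).normalize();
    if (resolved.equals(base) || !resolved.startsWith(base)) {
      throw new IOException("Zip entry escapes target directory: " + entryName);
    }
    return resolved;
  }

  // Extracts an untrusted archive, validating every entry before writing.
  public static void extract(InputStream upload, Path targetDir) throws IOException {
    try (ZipInputStream zip = new ZipInputStream(upload)) {
      for (ZipEntry e; (e = zip.getNextEntry()) != null; ) {
        Path out = resolveInside(targetDir, e.getName());
        if (e.isDirectory()) {
          Files.createDirectories(out);
        } else {
          Files.createDirectories(out.getParent());
          Files.copy(zip, out); // fails rather than overwriting an existing file
        }
      }
    }
  }

  public static void main(String[] args) {
    Path target = Path.of("/data/uploads");   // constructed sample directory
    String name = "../uploads-other/x.txt";   // constructed entry name
    System.out.println("string check accepts: " + isInsideByString(target, name));
    try {
      resolveInside(target, name);
    } catch (IOException ex) {
      System.out.println("path check rejects: " + ex.getMessage());
    }
  }
}
```

This validates entry names only; limits on entry count and uncompressed size for untrusted uploads are a separate control.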
Reporting Security Issues
Report vulnerabilities to security@apache.org. The Baremaps PMC will address issues following Apache Security guidelines.