karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guillaume Nodet (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (KARAF-5330) Default access control list for console allows any user to cat files, and write to files.
Date Wed, 06 Sep 2017 07:01:17 GMT

    [ https://issues.apache.org/jira/browse/KARAF-5330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16154911#comment-16154911
] 

Guillaume Nodet edited comment on KARAF-5330 at 9/6/17 7:00 AM:
----------------------------------------------------------------

The shell supports reflection, and the reflection mechanism itself isn't secured by roles.
If you are really concerned about security, the only thing you can do is to use a java security
manager and permissions.  This way, you can also secure the file system access.




was (Author: gnt):
The shell is reflection based, and the reflection mechanism itself isn't secured by roles.
If you are really concerned about security, the only thing you can do is to use a java security
manager and permissions.  This way, you can also secure the file system access.



> Default access control list for console allows any user to cat files, and write to files.
> -----------------------------------------------------------------------------------------
>
>                 Key: KARAF-5330
>                 URL: https://issues.apache.org/jira/browse/KARAF-5330
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security, karaf-shell
>            Reporter: Tom Quarendon
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 4.2.0, 4.0.10, 4.1.3
>
>
> The shell:cat command has no access control list associated with it in the default configuration.
> The same is true of the "shell:ls" command. There may be other shell: commands too that
can provide filesystem access. I don't know whether cd, pwd for example should be secured.
"tac" most certainly should.
> This means that any user that can access the ssh console can navigate the filesystem,
reading and writing files as they like.
> For example, given the default configuration, if I have a "normal" user and can therefore
access the console, I can use shell commands to find our or guess the location of the karaf
install (shell:pwd will do that), then cat the contents of the etc/users.properties file and
find out all users passwords (in the default configuration the passwords are in plain text).
I can also cat the etc/host.key file which would seem undesirable. 
> tac clearly would be a very dangerous command to have access to. It seems likely that
I could subvert many things by just writing directly to configuration files using tac. I could,
for example, change, or at least invalidate the admin password by rewriting the users.properties
file.
> All in all this feels like a major issue.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message