karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: Preventing access to shell:exec in 4.0.7
Date Fri, 09 Dec 2016 13:20:35 GMT
I think it would be an interesting plugin to add.

Do you mind to create a Jira about that ?

Regards
JB

On 12/09/2016 02:16 PM, Paul McCulloch wrote:
> I think I've come to the same conclusion. It looks like some work on
> RBAC has been done in HawtIO
> (https://github.com/hawtio/hawtio/issues/465) so I'll see if that's any use.
>
> On 9 December 2016 at 12:57, Achim Nierbeck <bcanhome@googlemail.com
> <mailto:bcanhome@googlemail.com>> wrote:
>
>     I fully agree with Milen on this.
>     The WebConsole is just to "powerful" for an "ordinary" user.
>     Just think of starting/stoping bundles by accident. This alone is
>     already malicious enough, and hard to track ;)
>
>     regards, Achim
>
>     2016-12-09 13:55 GMT+01:00 Milen Dyankov <milendyankov@gmail.com
>     <mailto:milendyankov@gmail.com>>:
>
>         I know this does not help you at all but IMHO giving random
>         users access to webconsole is terrible idea. I personally
>         consider webconsole only useful for developers and eventually
>         highly trusted, responsible and knowledgeable administrators.
>
>         On Fri, Dec 9, 2016 at 1:48 PM, Paul McCulloch
>         <pkmcculloch@gmail.com <mailto:pkmcculloch@gmail.com>> wrote:
>
>             Yes. Only admins can use webconsole, so the web console user
>             can modify the roles required for shell:exec to match
>             themselves.
>
>             I guess what I am really saying is that I want a non admin
>             user to be able to use web console.
>
>             Even if I do stop a webconsole user from executing
>             shell:exec, there is nothing to stop them loading a bundle
>             that does whatever they want. So it would just be raising
>             the bar for a malicious admin user.
>
>             I think I may look at running karaf inside some sort of
>             container (chroot, Docker) to reduce the rick of granting
>             Karaf adamin rights where I don't want to give an OS login.
>
>             Thanks.
>
>             Paul
>
>             On 9 December 2016 at 12:36, Jean-Baptiste Onofré
>             <jb@nanthrax.net <mailto:jb@nanthrax.net>> wrote:
>
>                 By command, you mean shell:exec ? The acl should already
>                 prevent execution if the user doesn't have in the
>                 expected role.
>
>                 Regards
>                 JB
>
>                 On 12/09/2016 01:30 PM, Paul McCulloch wrote:
>
>                     That would be ideal, but right now I'm looking for
>                     any way to prevent
>                     access to these (very dangerous I think) commands.
>
>                     On 9 December 2016 at 12:08, Jean-Baptiste Onofré
>                     <jb@nanthrax.net <mailto:jb@nanthrax.net>
>                     <mailto:jb@nanthrax.net <mailto:jb@nanthrax.net>>>
>                     wrote:
>
>                         Hi Paul,
>
>                         So basically, you want RBAC on the webconsole.
>                     Correct ?
>
>                         It's not possible today without changing the
>                     webconsole. It's a good
>                         idea to add such feature.
>
>                         Regards
>                         JB
>
>
>                         On 12/09/2016 12:52 PM, Paul McCulloch wrote:
>
>                             Hi,
>
>                             I'm trying to prevent access to shell:exec
>                     from the console to
>                             try and
>                             harden my karaf install.
>
>                             I can revoke access from an admin user with
>                     "config:property-set -p
>                             org.apache.karaf.command.acl.shell exec
>                     uberadmin". I can also
>                             prevent
>                             the user from using config:property-set from
>                     restoring the
>                             permissions.
>
>                             What I can't seem to do is prevent an admin
>                     user from restoring
>                             permissions via the web console's
>                     Configuration gui.
>
>                             I want to permit remote access to the web
>                     console, but I don't
>                             want to
>                             give users the ability to run arbitrary
>                     commands on the server.
>
>                             Thanks,
>
>                             Paul
>
>
>                         --
>                         Jean-Baptiste Onofré
>                         jbonofre@apache.org <mailto:jbonofre@apache.org>
>                     <mailto:jbonofre@apache.org
>                     <mailto:jbonofre@apache.org>>
>                         http://blog.nanthrax.net
>                         Talend - http://www.talend.com
>
>
>
>                 --
>                 Jean-Baptiste Onofré
>                 jbonofre@apache.org <mailto:jbonofre@apache.org>
>                 http://blog.nanthrax.net
>                 Talend - http://www.talend.com
>
>
>
>
>
>         --
>         http://about.me/milen
>
>
>
>
>     --
>
>     Apache Member
>     Apache Karaf <http://karaf.apache.org/> Committer & PMC
>     OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/
>     <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer & Project
>     Lead
>     blog <http://notizblog.nierbeck.de/>
>     Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>
>     Software Architect / Project Manager / Scrum Master
>
>

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Mime
View raw message