karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From t..@quarendon.net
Subject Potential security issue with default karaf console access control lists?
Date Thu, 31 Aug 2017 11:01:29 GMT
Any user that can log on to the karaf console appears to be able to run the "shell:cat" command
(among others), and hence view any file that the operating system user that's running the
karaf process can see. Whilst there is access control on a few of the shell scope commands,
it seems that the default access control allows any user to run things with no explicit access
control.

This *feels* like a security issue to me. 

I'd like to be able to restrict access to the shell completely, but from experiment and looking
at the code it appears that anyone who has some kind of "role" assigned to them (either directly,
or as a member of a group) appears to be able to connect to the karaf console, and hence can
potentially navigate the visible filesystem.  This doesn't feel very desirable. 

It seems a shame that I can no longer restrict access to the console using the "sshRole" configuration
property (still referenced in the documentation), but it seems that was removed when the role
based access control was introduced.

Other than physically restricting access to the SSH port, are there other ways I can restrict
access to the console? Or do I need to develop my own access control list for the shell scope,
and accept that all users can potentially access the console?

Thanks.

Mime
View raw message