Tendrl / specifications

Tendrl specs go here
GNU Lesser General Public License v3.0

Enable SELinux for tendrl #241

Open TimothyAsirJeyasing opened 7 years ago

TimothyAsirJeyasing commented 7 years ago

The following are the identified security issues that should be fixed in tendrl.

1) Currently tendrl does not work with SELinux enabled. An SELinux-enabled system that runs in permissive mode is not protected by SELinux, which will lead to a privilege escalation issue. This allows the system to be attacked if it is not managed by SELinux completely. A normal user with no specific privileges on the system may interact with one of the root-running processes, which can suddenly misbehave and give the user root access or allow the user to launch root access commands.

2) Currently tendrl services like the gluster-integration, node-agent, api and monitoring-integration services are running as unconfined services.

ex1: system_u:system_r:unconfined_service_t:s0 18240 ? 02:51:40 tendrl-node-age

ex2: system_u:system_r:unconfined_service_t:s0 18240 ? 02:51:40 tendrl-api

…

Unconfined service issue: This will lead to the 'privileges of the process' being attacked easily. Tendrl processes that run as root are prone to being attacked to get root access on the system.

3) From the examples (ex1, ex2) of the tendrl-node-agent, tendrl-api or tendrl-monitoring-integration service and its spawns, it is clear that they do not belong to any SELinux domain. A proper SELinux domain should be assigned to every tendrl service to identify what is allowed for this service.

4) Currently tendrl does not have enough confined rules for files being used by its processes. Contexts for files used by tendrl should also be specified clearly, so that the resource can be used with the restricted gated privilege. A file or directory created in a directory should also acquire the same context.

5) Currently, tendrl needs SELinux in permissive mode. It cannot be left to be looked at later, because when the system runs SELinux in permissive mode, users are able to label files incorrectly. Files created with SELinux in permissive mode are not labeled correctly, while files created while SELinux is disabled are not labeled at all. This behavior causes problems when changing to enforcing mode.
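A check for the unconfined-service condition reported in the comment above, as an added example that is not part of the original thread or of Tendrl's code: it parses `ps -eZ` output and lists tendrl processes whose SELinux type is `unconfined_service_t`. The sample rows are constructed (the `tendrl-` prefix match and all rows other than the `tendrl-node-age` one quoted in the issue are assumptions).

```python
from typing import NamedTuple, Optional

class Proc(NamedTuple):
    user: str
    role: str
    type: str
    level: str
    pid: int
    comm: str

def parse_ps_z(line: str) -> Optional[Proc]:
    """Parse one `ps -eZ` row (LABEL PID TTY TIME CMD); None if not a process row."""
    fields = line.split(None, 4)
    if len(fields) != 5 or not fields[1].isdigit():
        return None  # header row or malformed line
    label, pid, _tty, _time, comm = fields
    # The MLS level may itself contain ':' (e.g. s0-s0:c0.c1023), so split
    # the context into at most four parts: user, role, type, level.
    parts = label.split(":", 3)
    if len(parts) != 4:
        return None  # e.g. '-' when no label is available
    return Proc(*parts, int(pid), comm.strip())

def unconfined_tendrl(ps_output: str, prefix: str = "tendrl-",
                      types=("unconfined_service_t",)) -> list:
    """Return tendrl processes running in one of the unconfined types."""
    procs = (parse_ps_z(l) for l in ps_output.splitlines())
    return [p for p in procs
            if p and p.comm.startswith(prefix) and p.type in types]

# Constructed sample of `ps -eZ` output; comm is truncated to 15 characters,
# as in the rows quoted in the issue.
SAMPLE = """\
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:09 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1123 ? 00:00:00 sshd
system_u:system_r:unconfined_service_t:s0 18240 ? 02:51:40 tendrl-node-age
system_u:system_r:unconfined_service_t:s0 18301 ? 00:12:03 tendrl-api
system_u:system_r:unconfined_service_t:s0 2210 ? 00:00:01 some-daemon
"""

if __name__ == "__main__":
    for p in unconfined_tendrl(SAMPLE):
        print(f"{p.comm} (pid {p.pid}) runs as {p.type}")
```

On a live host the same function can be fed the text of `ps -eZ` instead of `SAMPLE`.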

r0h4n commented 6 years ago

What is the summary of this, where do we stand today?

@TimothyAsir @mbukatov