rocksclusters / base

Base roll for Rocks Clusters
http://www.rocksclusters.org/

/root is left with a+rx permissions, which is insecure #18

Closed ghost closed 7 years ago

ghost commented 7 years ago

After running the base roll, the /root directory is left with a+rx / 555 / dr-xr-xr-x permissions, allowing all users to view its contents, which may cause security issues. The offending lines appear to be in nodes/ssh.xml:

<!-- change permissions on /root/ and /root/.ssh/ directories so cluster-dist can read root's 'id_rsa.pub' when it's run by a non-root user -->

chmod a+rx /root
mkdir /root/.ssh
chmod a+rx /root/.ssh

If the reason given is true, I'm sure there are better ways to access a public key other than exposing all of the /root directory to everyone.

phpHavok commented 7 years ago

Bumping this. Is anyone looking into a fix? As the public key does not need to be protected anyway, how about copying it to another location on the file system that is inherently world-readable? Then, /root can remain 0700.

ppapadopoulos commented 7 years ago

You should be able to change the permissions without issue -- likely left over from a less secure way of getting keys where they need to be. To admin your cluster nodes, root's public key must be put in the compute node's authorized_keys files. It looks in /etc/ssh/authorized_keys for the key to drop in.

That key, /etc/ssh/authorized_keys/id_rsa.pub, is hardlinked to /root/.ssh/id_rsa.pub. That hardlink is created in /etc/profile.d/ssh-key.sh.

ls -ld /root /root/.ssh

dr-x------ 27 root root 4096 Apr 24 10:32 /root
drwx------ 2 root root 4096 Mar 6 14:54 /root/.ssh

To verify that a key WILL be dropped in the right place:

sudo -u apache /opt/rocks/bin/rocks list host profile compute-0-0 | less

And go look for authorized_keys (two places, one in the pre, one in the post).

On Tue, Apr 25, 2017 at 6:32 AM, Jacob Chappell notifications@github.com wrote:

Bumping this. Is anyone looking into a fix?


-- Philip Papadopoulos, Ph.D ppapadopoulos@ucsd.edu (858) 822-3628
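The layout discussed in the two comments above (a private /root, with only the public key published through a hard link in a world-readable directory) can be applied and audited as follows. This is an added example, not code from the thread or from Rocks: the function names and arguments are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example; function names and arguments are hypothetical, not from Rocks.

# Keep root's home private and publish only the public key, as a hard link,
# in a separate world-readable directory.
#   $1 = root's home (e.g. /root)  $2 = publish dir (e.g. /etc/ssh/authorized_keys)
publish_pubkey() {
    chmod 0700 "$1" "$1/.ssh" || return 1
    mkdir -p "$2" || return 1
    chmod 0755 "$2" || return 1
    chmod 0644 "$1/.ssh/id_rsa.pub" || return 1
    # A hard link requires both paths to be on the same filesystem.
    ln -f "$1/.ssh/id_rsa.pub" "$2/id_rsa.pub"
}

# Audit the layout. Prints one line per finding; returns 0 only if clean.
audit_root_key() {
    rc=0
    src="$1/.ssh/id_rsa.pub"
    pub="$2/id_rsa.pub"
    for d in "$1" "$1/.ssh"; do
        m=$(stat -c '%a' "$d") || return 2      # GNU stat: octal mode
        # Any group/other bit lets non-root users list or traverse the directory.
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "FAIL: $d is mode $m (group/other access)"; rc=1
        fi
    done
    # A symlink would dangle for non-root users once /root is 0700, so insist
    # on the same device:inode pair, i.e. a true hard link.
    if [ -L "$pub" ] || [ ! -f "$pub" ] ||
       [ "$(stat -c '%d:%i' "$pub")" != "$(stat -c '%d:%i' "$src")" ]; then
        echo "FAIL: $pub is not a hard link to $src"; rc=1
    elif [ $(( 0$(stat -c '%a' "$pub") & 004 )) -eq 0 ]; then
        echo "FAIL: $pub is not world-readable"; rc=1
    fi
    return $rc
}
```

Run `audit_root_key /root /etc/ssh/authorized_keys` as root on a frontend to check the real paths named in the thread.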

ghost commented 7 years ago

I've done a little digging, and although users assuming that the /root dir is private and using it as such without checking the perms is possible, there doesn't appear to be anything else insecure about leaving this directory readable (in fact, some BSDs have this setting as their default). If no quick fix is forthcoming, then I'm happy to label this as 'wontfix' and close the issue.