shadowsocks / go-shadowsocks2

Modern Shadowsocks in Go
Apache License 2.0
4.45k stars 1.39k forks

Please add another method to pass the secret key in. #168

Closed midnight-wonderer closed 4 years ago

midnight-wonderer commented 4 years ago

Hi, whenever some hacker invokes the ps shell command (even as a non-privileged user), the ss server would be compromised, since they can see the key as a command argument there. Please add another means of supplying the secret key to prevent such issues. Maybe via a pipe?
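The hazard described above, and the pipe/file alternatives the reporter asks for, as an added example in Go. This is not go-shadowsocks2's own code: the `LoadKey` helper, the `-password`/`-key-file` flag names in the sample and the constructed `/proc/<pid>/cmdline` image are assumptions for illustration. It prefers a pipe or a 0600 key file, accepts an environment variable, and only falls back to the literal argv value while flagging that it did so, because argv is readable by every local user via `ps` or `/proc/<pid>/cmdline`, whereas `/proc/<pid>/environ` and a 0600 file are only readable by the same uid (or root).

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// maxKeyLen bounds how much is read from a pipe or file, so a misconfigured
// source (e.g. a key-file flag pointed at a large log) cannot consume
// unbounded memory.
const maxKeyLen = 4096

// readFirstLine returns the first line of r with trailing CR/LF removed.
// A key file created with `echo secret > key` carries a newline that must
// not silently become part of the pre-shared key.
func readFirstLine(r io.Reader) (string, error) {
	br := bufio.NewReader(io.LimitReader(r, maxKeyLen))
	line, err := br.ReadString('\n')
	if err != nil && !errors.Is(err, io.EOF) {
		return "", err
	}
	line = strings.TrimRight(line, "\r\n")
	if line == "" {
		return "", errors.New("empty key")
	}
	return line, nil
}

// LoadKey resolves the pre-shared key from the first configured source, in
// order of preference: pipe (an io.Reader such as stdin), key file,
// environment variable, and finally the literal command-line value.
// The returned bool is true only for the argv fallback, so the caller can
// log a warning. lookup is normally os.LookupEnv; it is a parameter so the
// function can be tested without touching the real environment.
func LoadKey(pipe io.Reader, keyFile, envName string, lookup func(string) (string, bool), argv string) (string, bool, error) {
	switch {
	case pipe != nil:
		k, err := readFirstLine(pipe)
		return k, false, err
	case keyFile != "":
		f, err := os.Open(keyFile)
		if err != nil {
			return "", false, err
		}
		defer f.Close()
		// POSIX permission check (assumption: Unix-like host): refuse a key
		// file that group or other can read, as it defeats the point.
		if fi, err := f.Stat(); err == nil && fi.Mode().Perm()&0o077 != 0 {
			return "", false, fmt.Errorf("%s is readable by group/other; chmod 600 it", keyFile)
		}
		k, err := readFirstLine(f)
		return k, false, err
	case envName != "":
		v, ok := lookup(envName)
		if !ok || v == "" {
			return "", false, fmt.Errorf("environment variable %s is unset or empty", envName)
		}
		return v, false, nil
	case argv != "":
		return argv, true, nil
	}
	return "", false, errors.New("no key source configured")
}

// KeyVisibleInCmdline reports whether key appears verbatim in a
// /proc/<pid>/cmdline image (NUL-separated argv), i.e. in what `ps -ef`
// shows to any local user.
func KeyVisibleInCmdline(cmdline []byte, key string) bool {
	for _, arg := range bytes.Split(cmdline, []byte{0}) {
		if bytes.Contains(arg, []byte(key)) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample of /proc/<pid>/cmdline when the key is passed as an
	// argument (hypothetical flag names, not ss-server's real ones).
	leaky := []byte("ss-server\x00-password\x00hunter2\x00-s\x00:8488\x00")
	fmt.Println("key visible in cmdline:", KeyVisibleInCmdline(leaky, "hunter2"))

	// Safer: the key arrives on stdin from a pipe, e.g. `cat key | ss-server -key-stdin`.
	key, fromArgv, err := LoadKey(strings.NewReader("hunter2\n"), "", "", os.LookupEnv, "")
	fmt.Println(key, fromArgv, err)
}
```

Reading from a pipe or file also sidesteps the shell-escaping problem raised later in the thread: a key that never appears on a command line cannot be mangled or injected by an unescaped argument.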

riobard commented 4 years ago

If you have some hacker on the server, the server is already compromised.

midnight-wonderer commented 4 years ago

There is more than one way to invoke a command. The simplest one is via unescaped command arguments. Sure, shelling out to something without escaping an argument is a bug, but ss-server makes it worse.

This is the very same reason the zip command encourages the user to supply their password at a prompt. The option to supply the password via command arguments is undocumented; it is mentioned somewhere, but at least it is not documented in the --help output.

riobard commented 4 years ago

Do you think this is the same issue as https://github.com/shadowsocks/go-shadowsocks2/issues/15? If so, we can close this one and discuss there.

midnight-wonderer commented 4 years ago

I am not a security expert, but as far as I know, the config file discussed there could be a way to solve the issue. (Based on my limited knowledge.)

This thread focuses on the security aspect of the current implementation. In contrast, #15 focuses on the functionality; although there is a comment mentioning some security aspects, it is not emphasized as a whole.

If the functionality in #15 is the way you want to solve the issue, sure, to my knowledge that will work too. You can close this thread if that is the case. However, you can also keep this thread open for broader discussion. (Although I have nothing more to add.)

riobard commented 4 years ago

I'd consider the two issues the same for both security and convenience reasons.