Open freedge opened 7 months ago
Hi @freedge , we are currently assessing all possible solutions. Is a password change via REST API an acceptable solution?
if you mean replacing the spawning of a process that is called with a password given as argument (and a possible command injection if the user provided password contains a ' ?) by some go code that calls the same API, then yes it fixes the problem. Though it would be probably a good idea for users to also have a way to securely call the api with "splunk cmd splunkd rest" in a secure fashion, so maybe the password can be provided from a file or from stdin (something like supporting reading the parameters from a file given after a @ symbol, etc.) It would be great also to warn users that, if they use this splunk cmd as documented (or curl -u as documented in the page you link), there is a security issue with the command (such as for example, curl does:)
On systems where it works, curl hides the given option argument from process listings. This is not enough to protect credentials from possibly getting seen by other users on the same system as they still are visible for a moment before cleared. Such sensitive data should be retrieved from a file instead or similar and never used in clear text in a command line.
Please select the type of request
Bug
Tell us more
Describe the request code such as https://github.com/splunk/splunk-operator/blob/dafc9d3dbbd45fff7322daa13550af35527ef921/pkg/splunk/enterprise/searchheadcluster.go#L368 executes a process with a password given as argument. The password appears in the process table and is recorded by auditing tools
Expected behavior processes should not be forked with a password as argument
Splunk setup on K8S
Reproduction/Testing steps
K8s environment
Proposed changes(optional)
K8s collector data(optional)
Additional context(optional)
Logs as captured by stackrox