Security Concerns Regarding the Integration of Arthas via Skywalking Plugin

[daymade]

Hello,

First of all, thank you for creating this plugin that integrates Arthas with Skywalking. While the plugin provides much-needed functionality and convenience, there are some security concerns that should be addressed:

• Sensitive Information Exposure: Arthas has the capability to access and modify the application's runtime data, which could include sensitive information. This doesn't align well with Skywalking's monitoring capabilities, leading to possible permissions not adhering to the principle of least privilege.

• Lack of Auditing: Accessing Arthas on a production server is a sensitive operation. If Skywalking's Web UI lacks proper authentication and authorization mechanisms, it could potentially allow unauthorized users to execute Arthas commands.

Recommended Security Measures:

• Principle of Least Privilege: Limit the Arthas commands and operations that can be executed via Skywalking. Alternatively, consider not enabling this feature in production environments.

It would be appreciated if these concerns could be taken into consideration for the plugin's future development.

[weixiang1862]

Thanks for your recommendation.

To be honest, no further advanced module (e.g: access-control, audit) will be developed in the future due to the potential conflict with my company commercial edition: BeyondMicroService. But I will keep upgrading with skywalking & arthas releases.

About your concerns, I have the following two suggestions:

• use third party authenticator ( e.g: nginx basic auth module ) to protect your skywalking portal and apis
• use agent config to disable sensetive arthas commands ( already supported by arthas-control-plugin )

  plugin.arthas.disabled_commands=${SW_ARTHAS_DISABLED_COMMAND:}