[
https://issues.apache.org/jira/browse/KARAF-5330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16153566#comment-16153566
]
Tom Quarendon edited comment on KARAF-5330 at 9/5/17 12:40 PM:
---------------------------------------------------------------
Ah right. I looked for documentation that might tell me whether I could do
that. I tried something similar but obviously didn't get it right.
That's a problem then isn't it?
How do I stop people rewriting the etc/users.properties file and therefore
creating new admin users, or giving themselves new roles, thus circumventing
all the security?
I think that fundamentally access to the console ought to be subject to
presence of a role, like it used to be. I think that would be prudent.
was (Author: tomq42):
A right. I looked for documentation that might tell me whether I could do that.
I tried something similar but obviously didn't get it right.
That's a problem then isn't it?
How do I stop people rewriting the etc/users.properties file and therefore
creating new admin users, or giving themselves new roles, thus circumventing
all the security?
I think that fundamentally access to the console ought to be subject to
presence of a role, like it used to be. I think that would be prudent.
> Default access control list for console allows any user to cat files, and
> write to files.
> -----------------------------------------------------------------------------------------
>
> Key: KARAF-5330
> URL: https://issues.apache.org/jira/browse/KARAF-5330
> Project: Karaf
> Issue Type: Bug
> Components: karaf-security, karaf-shell
> Reporter: Tom Quarendon
> Assignee: Jean-Baptiste Onofré
> Fix For: 4.2.0, 4.0.10, 4.1.3
>
>
> The shell:cat command has no access control list associated with it in the
> default configuration.
> The same is true of the "shell:ls" command. There may be other shell:
> commands too that can provide filesystem access. I don't know whether cd, pwd
> for example should be secured. "tac" most certainly should.
> This means that any user that can access the ssh console can navigate the
> filesystem, reading and writing files as they like.
> For example, given the default configuration, if I have a "normal" user and
> can therefore access the console, I can use shell commands to find our or
> guess the location of the karaf install (shell:pwd will do that), then cat
> the contents of the etc/users.properties file and find out all users
> passwords (in the default configuration the passwords are in plain text). I
> can also cat the etc/host.key file which would seem undesirable.
> tac clearly would be a very dangerous command to have access to. It seems
> likely that I could subvert many things by just writing directly to
> configuration files using tac. I could, for example, change, or at least
> invalidate the admin password by rewriting the users.properties file.
> All in all this feels like a major issue.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
