Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
winterhazel commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-4219338782

@DaanHoogland I think that the startup failure when an encrypted setting has a decrypted value in the database is the correct behavior. This indicates to operators that there is something wrong that they need to check.

We just need to improve the logging when this failure happens. Maybe something like: `We expect the value of setting '' to be encrypted in the database with the Management Server's key, but we were unable to decrypt it using this key. This issue may happen when the value was manually changed in the database to a plain decrypted value. For reference on how to change the value of encrypted settings through the database, see .'`

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
DaanHoogland commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3990012299

@RosiKyu I read your comments and then the discussions following. What in your opinion is to be done (in order of priority)?
@winterhazel same question to you.
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
winterhazel commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3860829338

@shwstppr it was not my goal to imply that this was the decision of a single person. I was arguing only against the reason presented for having `js.interpreter.enabled` as a hidden setting, and that concern stands regardless of how many people agreed upon it.

I've opened #12605 to propose turning this configuration into a regular one. We can further discuss this topic in there.
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
GutoVeronezi commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3853636893

@shwstppr @winterhazel

Reviewing the private discussion, I see that the fix started with the config as hidden, and it was mentioned that we could discuss it, but we never had the actual discussion about whether it should or should not be hidden (perhaps because of the urgency to release the fixes or lack of time/attention; water under the bridge). Now that we no longer have such urgency, it is a good opportunity to discuss whether it makes sense to change it or keep it as it is.

@winterhazel, if you will, create a PR with your proposal so we can move forward with the discussion.
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
shwstppr commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3853443659

@winterhazel it was not my logic alone. It was a PMC decision. I was just explaining the case. If you're not happy with it please raise with it. Also, you may create a change PR to make it a regular config and get it merged ✌️
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
winterhazel commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3853102387

@shwstppr as I commented in https://github.com/apache/cloudstack/issues/12523#issuecomment-3811417331: the known vulnerabilities pertaining to the JS were patched, weren't they? Other features that come enabled by default almost certainly have vulnerabilities that we are not aware of yet, but we cannot put them behind a hidden setting due to a hypothetical security issue.

If we were consistent with how the JS interpretation was handled, then we would have to also disable and hide features like [direct download](https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3/), [volume/template upload and register](https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3/), which had CVEs in the past, and all other functionalities that use administrator/user input in a shell/python script.

The [extraconfig feature](https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1/) could also be used to abuse the environment. Following your logic, root admins should not be able to see/change this configuration, yet the configurations related to this feature are not hidden.
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
shwstppr commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3851214223

@winterhazel while in most cases ROOT admin will have access to the system as well (underlying server), but there can be cases when ROOT admin is just the CloudStack admin. In those cases, a non-hidden config can be changed by this CloudStack admin and the system can be under security risk as highlighted by the CVE for which this setting was introduced.

There could be better means to alter such configs, but for now, ACS provides only the hidden configs.
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
winterhazel commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3849029255

> [@winterhazel](https://github.com/winterhazel) [@RosiKyu](https://github.com/RosiKyu) cc [@DaanHoogland](https://github.com/DaanHoogland) The idea behind keeping some settings hidden is to not allow root admin accounts to change them. Only a privileged user having access to DB would be able to change them. Incidentally all hidden settings are encrypted currently which can be documented.

@shwstppr ok, but my point is that `js.interpretation.enabled` should not be kept hidden. Is there a reason for restricting root admin accounts, which can already do anything they want with all resources in the environment as long as they receive API permission, from enabling a feature that only they will be able to use?
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
shwstppr commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3836405973

@winterhazel @RosiKyu cc @DaanHoogland

The idea behind keeping some settings hidden is to not allow root admin accounts to change them. Only a privileged user having access to DB would be able to change them. Incidentally all hidden settings are encrypted currently which can be documented.
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
winterhazel commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3835167748

@DaanHoogland yes, I agree with @RosiKyu's suggestions in 1 and 3. 2 not so much as I think that it should not be hidden at all.
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
DaanHoogland commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3812108922

> 3\. Consider adding validation/error handling for encrypted config values

in short @winterhazel , you would agree with ^ this? Should be a simple PR. I’ll put it on my list
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
winterhazel commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3811417331

> [@winterhazel](https://github.com/winterhazel) , any thoughts?

@DaanHoogland regarding the startup failure, it is the behavior I find correct for this situation. There should also be a clear message in the logs informing that there was an issue while decrypting this configuration's value, so that operators know what to look into.

I have some thoughts about `js.interpretation.enabled` though. I do not have access to the discussion regarding the CVE that prompted the introduction of this setting to know why it was handled that way. However, I think that it should not have been made a hidden setting with an encrypted value, and should be enabled by default.

The vulnerability was fixed as far as I am aware; also, the APIs that allow configuring scripts (host, Quota tariff, and secondary storage selector configuration) should only be accessible to people with access to the infrastructure. Hence, if a new vulnerability with the interpreter gets discovered and exploited, that is not an issue with the platform, but internal permission granting issues. Other features that come enabled by default may have vulnerabilities that we are not aware of yet, but that's not a reason for us to disable them by default. Having it as a hidden encrypted setting just makes it unnecessarily difficult for operators to use the features.
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
DaanHoogland commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3805761457

@winterhazel , any thoughts?
Re: [I] Management server hangs when js.interpretation.enabled=true [cloudstack]
RosiKyu commented on issue #12523:
URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3801950507

### Update

The root cause has been identified. The `js.interpretation.enabled` setting requires an **encrypted** value in the database, not plain text.

**Workaround:**

1. Get encryption key: `cat /etc/cloudstack/management/key`
2. Encrypt the value: `java -classpath /usr/share/cloudstack-common/lib/cloudstack-utils.jar com.cloud.utils.crypt.EncryptionCLI -p -i true`
3. Update with encrypted value: `UPDATE configuration SET value='' WHERE name='js.interpretation.enabled';`

**Remaining issues:**

1. Server hangs silently instead of showing a clear error when decryption fails
2. No documentation that this hidden setting requires encryption
3. Consider adding validation/error handling for encrypted config values

Could be closed as user error, but suggesting improvement to error handling.
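
The fail-fast behavior discussed in this thread (a startup error that names the setting when its stored value cannot be decrypted) can be sketched as follows. This is an added example, not code from the thread or from CloudStack: the class, the method names, the `example.hidden.setting` name and the AES-GCM stand-in cipher are all assumptions, and CloudStack's real storage format is not reproduced.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.*;

public class EncryptedSettingCheck {
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Stand-in cipher (AES-GCM, Base64 of IV || ciphertext); NOT CloudStack's storage format.
    static String encrypt(byte[] key, String plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Decrypts one stored value; on any failure it throws an error that names the setting.
    static String decryptSetting(byte[] key, String name, String stored) {
        try {
            byte[] raw = Base64.getDecoder().decode(stored);
            if (raw.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("too short");
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                   new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
            return new String(c.doFinal(raw, IV_LEN, raw.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // The stored value is deliberately left out of the message: it may be a secret.
            throw new IllegalStateException("Setting '" + name + "' is expected to be encrypted in the"
                + " database, but it could not be decrypted with the configured key. It may have been"
                + " set to a plain-text value by hand.", e);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];                         // throwaway key for the demonstration
        new SecureRandom().nextBytes(key);
        Map<String, String> rows = new LinkedHashMap<>();  // constructed sample rows
        rows.put("example.hidden.setting", encrypt(key, "true"));  // hypothetical setting name
        rows.put("js.interpretation.enabled", "true");             // plain text written by hand
        for (Map.Entry<String, String> r : rows.entrySet()) {
            decryptSetting(key, r.getKey(), r.getValue()); // second row aborts with the named error
            System.out.println(r.getKey() + ": decrypts OK");
        }
    }
}
```

Running `main` prints the first setting as valid and then stops with an `IllegalStateException` naming `js.interpretation.enabled`, instead of hanging without a message.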
