Investigate exozyme API security issues #147
Blocks: #150 The future of exovpn
Reference: exozyme/exozyme#147
Currently, we run the API as root which isn't the best for security. We do this because the `adduser` script needs root permissions to configure users. However, we should ideally run the API primarily under a different user and maybe use some custom sudoer configs to give that user permission to run a few certain commands.

I think the safest option would be to use a setuid program called `configure-user` for configuring users in `adduser`. The API would be run under a separate user.

Also, there's the question of whether we should package the API for Arch or for Nix since we might be switching to NixOS in the future.
If anyone wants to help, I'd like to have someone review the security of the proposal above. It might still have some security holes.
The problem is that we don't want the `exoapi` user that's running the API to have access to the LDAP password since if they're compromised, they can access password hashes and manipulate the DB and other fun stuff.

The API was discontinued in #162.