1256790 – cockpit propagated users it never should have

Bug 1256790 - cockpit propagated users it never should have

Summary: cockpit propagated users it never should have

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	cockpit
Sub Component:
Version:	22
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Peter
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-08-25 12:48 UTC by Dennis Gilmore
Modified:	2016-07-19 20:18 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-07-19 20:18:55 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dennis Gilmore 2015-08-25 12:48:41 UTC

Description of problem:
In my environment I have a few different machines with cockpit on them. one of the machines has asterisk on it and runs a ftp server so that my polycom phones can get their ftp configs. I have ftp firewalled off to the outside wall and configured ssh on that machine to not allow that user to ssh in. I use freeipa for propagating users to different machines. 

I think I had miss understood the copy user configuration option in cockpit, I thought it would copy to the other machines the info about the hosts that cockpit knows about so if i log into any machine it will have all the hosts and I would not have to add them all again.

Because of the copying of the user spammers were able to use a server to send a lot of spam. 

I think that option should be removed, at the least it needs to be much clearer about what it is doing and not leave things up to user interpretation.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Stef Walter 2015-10-19 10:25:20 UTC

Peter is working on this as part of this:

https://trello.com/c/0B6y8SXP/216-better-workflow-for-adding-machines

Comment 2 Eric Christensen 2015-10-29 14:35:22 UTC

Is this a security issue or a documentation issue?

Comment 3 Peter 2015-10-29 14:41:18 UTC

It probably should have been better documented but instead we are reworking the UI to allow selection of which users to copy instead of copying them all automatically.

You can follow the upstream work here:
https://github.com/cockpit-project/cockpit/pull/3018

Comment 4 Eric Christensen 2015-10-29 15:03:44 UTC

If it's okay with you I'll remove the security status of this bug, then, and call it a documentation problem (no CVE).

Comment 5 Peter 2015-10-29 15:18:56 UTC

I think that makes sense.

Comment 6 Peter 2015-11-20 21:21:16 UTC

This was fixed upstream. Should be in the next release

Comment 7 Fedora End Of Life 2016-07-19 20:18:55 UTC

Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.