Hi all,

In the default pulp-consumer rpm installation, the gofer builtin plugin is enabled. This allows calling Shell.run() (from /usr/lib/gofer/plugins/builtin.py) unauthenticated :(

Kindly,
Chris

Version-Release number of selected component (if applicable):
pulp-common-0.0.223-4.el6.noarch
pulp-consumer-0.0.223-4.el6.noarch
pulp-client-lib-0.0.223-4.el6.noarch
python-gofer-0.44-1.el6.noarch
gofer-0.44-1.el6.noarch

How reproducible:
yum install pulp-consumer
cat /etc/gofer/plugins/builtin.conf
[main]
enabled=1
[messaging]
url=
uuid=
Hey Chris,

Thanks for filing this. I suspected this would come up at some point. In 0.49, I added PAM authentication capabilities to gofer and updated the Shell.run() method to require that a user and password be supplied. The shell command is executed as the specified user and authenticated with the supplied password (via PAM). If disabling access to the Shell class (by default) is also necessary, I will probably move the Shell class from the builtin plugin to a new plugin that is packaged in its own rpm. I'd rather leave the builtin plugin enabled because it provides the Admin class containing a help() method. The help() is generally useful and I don't see how it would present a security risk.

Do you think the Shell class needs to be installed in a separate plugin if a user and password are required and authenticated? Or is the authentication enough to mitigate the security risk?

-jeff
Hi Jeff,

Thanks for your answer. In my opinion an authenticated Shell class would be enough to mitigate the security risk and usable in my server environment. But a separate plugin rpm would also be a fine solution, because not every project (beyond pulp) needs the Admin/Shell class installed on all client (gofer agent) systems.

Kindly,
chris
Shell.run() repackaged into a separate plugin (and rpm). Also, locked down by PAM authentication. Shell commands require a username and password. The shell command is run as the specified user after PAM authentication. Released in: gofer 0.49.
build: 0.235
Testing:
1) upgrade to gofer 0.50.
2) restart goferd
3) Do the following in python and note that the Shell class is no longer included in the "builtin" plugin by invoking the help() RMI. The help() method shows a list of available plugins along with provided classes (and methods), functions and actions. Then, create the Shell class and invoke the run() RMI and notice the ClassNotFound exception.

$ python
>>> from gofer import proxy
>>> agent = proxy.agent('jortel')
>>> admin = agent.Admin()
>>> print admin.help()
Plugins:
  <plugin> builtin
    Classes:
      <class> Admin
        methods:
          hello()
          help()
    Functions:
      echo(something)
Actions:
  builtin.TestAction.hello() 1 day, 12:00:00
>>> shell = agent.Shell()
>>> print shell.run('ps')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/gofer/rmi/stub.py", line 72, in __call__
    return self.stub._send(request, opts)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/stub.py", line 132, in _send
    return self.__send(request, options)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/stub.py", line 162, in __send
    any=opts.any)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/policy.py", line 144, in send
    return self.__getreply(sn, reader)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/policy.py", line 181, in __getreply
    return self.__onreply(envelope)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/policy.py", line 197, in __onreply
    raise RemoteException.instance(reply)
gofer.rmi.dispatcher.ClassNotFound: Shell
>>> exit
Just works :) Thanks a lot. You can close this issue.

Regards,
chris
verified

[root@preethi ~]# rpm -q pulp
pulp-0.0.237-2.fc15.noarch
[root@preethi ~]#
[root@preethi ~]# python
Python 2.7.1 (r271:86832, Apr 12 2011, 16:15:16)
[GCC 4.6.0 20110331 (Red Hat 4.6.0-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from gofer import proxy
>>> agent = proxy.agent('preethi')
>>> admin = agent.Admin()
>>> print admin.help()
Plugins:
  <plugin> pulpplugin
    Classes:
      <class> ProfileUpdateAction
        methods:
          perform()
      <class> Packages
        methods:
          install(names, reboot, assumeyes)
      <class> PackageGroups
        methods:
          install(groups)
      <class> Heartbeat
        methods:
          send()
    Functions:
  <plugin> consumer
    Classes:
      <class> Consumer
        methods:
          bind(repo_id, bind_data)
          unbind(repo_id)
          unregistered()
          update(repo_id, bind_data)
    Functions:
  <plugin> builtin
    Classes:
      <class> Admin
        methods:
          hello()
          help()
    Functions:
      echo(something)
Actions:
  pulpplugin.ProfileUpdateAction.perform() 4:00:00
  builtin.TestAction.hello() 1 day, 12:00:00
  pulpplugin.IdentityAction.perform() 0:00:01
  pulpplugin.Heartbeat.heartbeat() 0:00:10
>>> shell = agent.Shell()
>>> print shell.run('ps')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/gofer/rmi/stub.py", line 72, in __call__
    return self.stub._send(request, opts)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/stub.py", line 132, in _send
    return self.__send(request, options)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/stub.py", line 162, in __send
    any=opts.any)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/policy.py", line 144, in send
    return self.__getreply(sn, reader)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/policy.py", line 181, in __getreply
    return self.__onreply(envelope)
  File "/usr/lib/python2.7/site-packages/gofer/rmi/policy.py", line 197, in __onreply
    raise RemoteException.instance(reply)
gofer.rmi.dispatcher.ClassNotFound: Shell
>>>
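The verification above relies on reading the Admin.help() listing by eye. As an added example (not code from the bug report or from the gofer project), the script below parses that plain-text listing into the set of remotely callable classes and functions per plugin and flags any plugin that still publishes a Shell class, which is the check a fleet audit would run across consumers after the upgrade. The two listings are constructed from the output quoted in this thread; the run(cmd) signature in the pre-fix sample is an assumption, since the thread only shows shell.run('ps').

```python
import re

# Constructed sample: the listing the thread shows after the fix (gofer 0.50).
HELP_AFTER_FIX = """Plugins:
  <plugin> builtin
    Classes:
      <class> Admin
        methods:
          hello()
          help()
    Functions:
      echo(something)
Actions:
  builtin.TestAction.hello() 1 day, 12:00:00
"""

# Constructed sample of a pre-fix agent: Shell still listed under builtin.
# The run(cmd) signature is assumed; the thread only shows shell.run('ps').
HELP_BEFORE_FIX = HELP_AFTER_FIX.replace(
    "      <class> Admin\n",
    "      <class> Shell\n        methods:\n          run(cmd)\n      <class> Admin\n")

PLUGIN_RE = re.compile(r"^\s*<plugin>\s+(\S+)")
CLASS_RE = re.compile(r"^\s*<class>\s+(\S+)")
CALL_RE = re.compile(r"^\s+([A-Za-z_]\w*\([^)]*\))\s*$")

def parse_help(text):
    """Map {plugin: {class or '<functions>': [signatures]}} from a help() listing."""
    surface, plugin, cls = {}, None, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Actions:":
            break  # scheduled actions are not remotely callable; stop here
        m = PLUGIN_RE.match(line)
        if m:
            plugin, cls = m.group(1), None
            surface[plugin] = {}
        elif CLASS_RE.match(line) and plugin:
            cls = CLASS_RE.match(line).group(1)
            surface[plugin][cls] = []
        elif stripped == "Functions:":
            cls = "<functions>"  # module-level functions of the plugin follow
        elif CALL_RE.match(line) and plugin and cls:
            surface[plugin].setdefault(cls, []).append(CALL_RE.match(line).group(1))
    return surface

def plugins_exposing_shell(surface):
    """Plugins that still publish a Shell class; expect [] on a patched agent."""
    return sorted(p for p, classes in surface.items() if "Shell" in classes)
```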
Pulp v1.0 is released. (Closed: Current Release)