Project

General

Profile

Actions

Bug #18286

closed

Agents fail to check their policy server's identity

Added by Alexis Mousset about 4 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
Checked
Regression:

Description

The situation:

  • With protocol v1 changing server certs prevented connection from nodes (but very likely because of a bug more than a security check), and required removing server public key on nodes
Authentication failure: private decrypt of received challenge failed (padding check failed)
  • With protocol v2 nodes always trusts nodes having an IP matching the one configured (or resolved from hostname) as policy server.

We promise at least a TOFU on these connections, with the ability to securely provision nodes.

In the current situation, an attacker only needs to use the root or relay IP or poison the DNS, and can take control of the nodes (even without knowing their ids as code can be injected in ncf).


Subtasks 15 (0 open15 closed)

Architecture #18291: Add a keyword to restrict copy_from sources by keyReleasedBenoît PECCATTEActions
Bug #18293: Bootstrap should only trustkey if it has no trusted key yetReleasedBenoît PECCATTEActions
Bug #18319: Typo in ticket 18293ReleasedAlexis MoussetActions
Bug #18323: policies broken by parent ticketReleasedAlexis MoussetActions
Bug #18345: Broken policy in parent when agent is not compatibleRejectedActions
Bug #18343: Agents only check server IP when downloading policies - 5.0 fixesReleasedFélix DALLIDETActions
Bug #18344: copyfrom_restrict_keys not correctly applied in 5.0 initial policiesReleasedFélix DALLIDETActions
Bug #18348: After a factory reset agents can no longer download their policies from the new server they are managed byReleasedAlexis MoussetActions
Bug #18407: Factory reset does not workReleasedBenoît PECCATTEActions
Bug #18408: Factory reset does not work - techniquesReleasedNicolas CHARLESActions
Bug #18410: Parent will fait to trust server in some casesReleasedNicolas CHARLESActions
Bug #18422: parent ticket fails to prevent trustReleasedAlexis MoussetActions
Bug #18356: Add a command to reset trustReleasedAlexis MoussetActions
Bug #18399: Improve messages in agent about server key resetReleasedFrançois ARMANDActions
Bug #18430: server-reset-keys should call a resetReleasedBenoît PECCATTEActions

Related issues 2 (0 open2 closed)

Related to Rudder - Bug #18289: Missing system variable "POLICY_SERVER_KEY"ReleasedAlexis MoussetActions
Related to Rudder - Bug #18297: Store policy server key hash separately to establish a specific trustRejectedActions
Actions

Also available in: Atom PDF