We know that the node daemon usually runs with root privileges. Now, the node has a handful of built-in functionalities, including running commands, spawning a shell, or even starting a full terminal window. The node does all of this by creating subprocesses which run under the same privileges as the node itself, meaning root privileges. What does this mean? When we open a terminal window from the manager, this terminal is run with root privileges. Cool, right? Not exactly.
Implement a way of authentication, be it by public-private key pairs or by a password input, on launching sensitive commands on the node (like launching a terminal). Currently only a token string is checked before running a command. This represents no security, as token strings can be hijacked / spoofed (a hijacked token string allows running root commands on all nodes without authentication).
Allow users to disable some of the node's functionality. There is no reason to give the node daemon so much power, even neglecting all system available resources like SSH. These features should be disabled by default! Maintaining nodes is perfectly possible using secure means like SSH, why implement an additional backdoor into the system?
https://github.com/skycoin/skywire/blob/561cf0be3fbaa1a8f05f70b50b71f56e84cd6128/node/api/api.go#L113
Speaking of hardening SSH security: https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys. These measures are completely useless, because the node daemon does not care about SSH. The node is able to spawn a root shell on the underlying system without asking for any permission, in this regard acting like a malicious backdoor.
What needs to be addressed with this issue?
This issue needs to be addressed as quickly as possible. The current node API ignores basic security standards by bypassing secure authentication mechanisms. This puts the nodes at risk of being used in a larger-scale botnet by malicious attackers, and ultimately renders the network insecure (the "new internet" should build on privacy and security).
BR
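The two requests in this issue (sensitive features disabled by default, and key-based authentication instead of a bare token) can be sketched as one authorization gate. This is an added example, not skywire code: `Policy`, `Request`, `Authorize` and the `node-cmd-v1` message format are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"sync"
	"time"
)

// Policy is a hypothetical node config; every name here is an assumption.
type Policy struct {
	Enabled  map[string]bool   // missing entry means the feature is disabled
	Operator ed25519.PublicKey // the only key allowed to issue commands
	MaxSkew  time.Duration     // accepted clock difference
	seen     sync.Map          // signatures already accepted (replay guard)
}

type Request struct {
	Feature, Arg string
	Unix         int64  // sender's timestamp, covered by the signature
	Sig          []byte // Ed25519 signature over Message()
}
func (r Request) Message() []byte {
	return []byte(fmt.Sprintf("node-cmd-v1|%q|%q|%d", r.Feature, r.Arg, r.Unix))
}

// Authorize returns nil only for a fresh, first-seen, operator-signed request.
func (p *Policy) Authorize(r Request, now time.Time) error {
	if !p.Enabled[r.Feature] {
		return fmt.Errorf("feature %q is disabled", r.Feature)
	}
	if d := now.Sub(time.Unix(r.Unix, 0)); d < -p.MaxSkew || d > p.MaxSkew {
		return fmt.Errorf("stale request")
	}
	if len(p.Operator) != ed25519.PublicKeySize || !ed25519.Verify(p.Operator, r.Message(), r.Sig) {
		return fmt.Errorf("bad signature")
	}
	if _, dup := p.seen.LoadOrStore(string(r.Sig), true); dup {
		return fmt.Errorf("replayed request")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key
	p := &Policy{Enabled: map[string]bool{"exec": true}, Operator: pub, MaxSkew: time.Minute}
	r := Request{Feature: "exec", Arg: "uptime", Unix: time.Now().Unix()}
	r.Sig = ed25519.Sign(priv, r.Message())
	fmt.Println(p.Authorize(r, time.Now()), p.Authorize(r, time.Now()))
}
```

Unlike a shared token, a captured request cannot be reused or edited: the signature covers the feature, argument and timestamp, and each signature is accepted once. A real daemon would also prune `seen` entries older than `MaxSkew`.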