Project

General

Profile

Actions

User story #7986

closed

User story #6363: Secure agent/server communication

Make copying the tools encrypted again

Added by Janos Mattyasovszky about 8 years ago. Updated about 6 years ago.

Status:
Rejected
Priority:
N/A
Category:
System techniques
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

From a point of security it would be recommended to also encrypt the copy-progress of the tools.

This was changed in #7644 by:
https://github.com/Normation/rudder-techniques/commit/924bde1d#diff-54497584de9934e14ae1d1d338b27e04L79

Regarding it being open-source: It would theoretically allow examination of which version of tools the whole environment is using just by examining the network traffic by MITM, use that to determine which version of rudder you are using, and with that information find a vulnerability, that could serve as an attack vector.

It would make more sense to just create a different copy_from body that differs from remote by enabling preserve=true, just like there is a remote_unsecured_without_perms, this could be remote_with_perms...


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #8159: Do not backup modified promise files and encrypt ncf/local transferReleasedNicolas CHARLES2016-04-07Actions
Actions #1

Updated by François ARMAND about 8 years ago

  • Assignee set to Benoît PECCATTE

Benoit, could you take a look to that?

Actions #2

Updated by François ARMAND about 8 years ago

Thinking a little more about that, isn't there a risk to let the attacker gain a huge information by letting he knows what exactly is encrypted on a communication (i.e a kind of known plain text attack ?). Not sure it is even remotly relevant, and what is more likelly (seems that your concern is more likelly than mine), just wanted to track it here.

Actions #3

Updated by Benoît PECCATTE about 8 years ago

Why not but this could have an impact on low end nodes likes raspberry pi.
The better solution would be to make this an option.

Making it an option in system technique is possible.
Making it an option in initial promises must wait a later release when both are merged.

Actions #4

Updated by Janos Mattyasovszky about 8 years ago

The tools do not change IMHO that often that it would make a huge difference... And it was just changed to unencrypted to solve a completely unrelated issue.

Actions #5

Updated by Benoît PECCATTE about 8 years ago

You're right

Actions #6

Updated by Alexis Mousset almost 8 years ago

  • Related to Bug #8159: Do not backup modified promise files and encrypt ncf/local transfer added
Actions #7

Updated by Benoît PECCATTE about 7 years ago

  • Tracker changed from Bug to User story
  • Parent task set to #6363
Actions #8

Updated by Alexis Mousset over 6 years ago

  • Target version set to 3.1.25

This does not exist anymore with 4.1+ servers (where TLS is used for everything).

Actions #9

Updated by Benoît PECCATTE over 6 years ago

  • Target version changed from 3.1.25 to 4.1.9
Actions #10

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 4.1.9 to 4.1.10
Actions #11

Updated by Benoît PECCATTE about 6 years ago

  • Status changed from New to Rejected

This does not exist anymore with 4.1+ servers (where TLS is used for everything).

Actions

Also available in: Atom PDF