Chef-solo documentation may cause security issues on implementations


I'd like to inform you about one potential risk where system administrators might be misled in cases where the "chef" user is not supposed to have root privileges on the host system.

Since non-root users can run Ruby scripts with passwordless sudo privileges defined in the sudoers file, the "chef" user can create a Ruby file containing "system('/bin/bash')" in order to get a root shell.

chef@localhost$ sudo chef-solo -c /tmp/shell.rb

Therefore, I think the documentation might need some warning or definition for cases where system administrators need to make chef-solo accessible to unprivileged users who should not become the built-in root user.

Kind regards.
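
An added audit example, not part of the original post and not Chef's own code: it scans sudoers text for rules that hand a non-root user a Ruby-evaluating binary such as chef-solo, which is equivalent to granting root. The binary list, the function name risky_sudo_rules and the sample sudoers content are assumptions made for illustration.

```ruby
# Binaries that evaluate user-supplied Ruby; chef-solo comes from the report,
# the other entries are an assumption of this example.
CODE_RUNNERS = %w[chef-solo chef-client chef-apply ruby].freeze

# Constructed sample input, not taken from any real host.
SAMPLE_SUDOERS = <<~'SUDOERS'
  # constructed sample sudoers content
  Defaults env_reset
  root    ALL=(ALL:ALL) ALL
  chef    ALL=(root) NOPASSWD: /usr/bin/chef-solo
  deploy  ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx, \
          /opt/chef/bin/chef-client
  backup  ALL=(root) /usr/bin/rsync
  %ops    ALL=(ALL) NOPASSWD: ALL
SUDOERS

# Returns one hash per sudo rule that lets a non-root user run a code runner
# (or ALL) through sudo. Simplifications: aliases are skipped rather than
# expanded, and a NOPASSWD tag anywhere in a rule marks the whole rule.
def risky_sudo_rules(text)
  # Join backslash-continued lines before parsing.
  text.gsub(/\\\n\s*/, ' ').lines.map(&:strip).flat_map do |line|
    next [] if line.empty? || line.start_with?('#', 'Defaults')
    next [] if line.match?(/\A\w+_Alias\b/)
    who, spec = line.split(/\s+/, 2)
    next [] if spec.nil? || who == 'root' || !spec.include?('=')
    # Drop the host list and the optional (runas) part, keep tags and commands.
    rest = spec.sub(/\A[^=]+=\s*(?:\([^)]*\)\s*)?/, '')
    nopasswd = rest.include?('NOPASSWD:')
    rest.gsub(/\b[A-Z_]+:\s*/, '').split(',').map(&:strip).filter_map do |cmd|
      binary = File.basename(cmd.split.first.to_s)
      next unless cmd == 'ALL' || CODE_RUNNERS.include?(binary)
      { user: who, command: cmd, nopasswd: nopasswd }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  risky_sudo_rules(SAMPLE_SUDOERS).each do |r|
    tag = r[:nopasswd] ? 'passwordless' : 'password required'
    puts "#{r[:user]}: #{r[:command]} (#{tag}) is root-equivalent"
  end
end
```

To review a real host, pass the contents of the sudoers file and of each file under sudoers.d to risky_sudo_rules instead of the sample.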

Hi there, and welcome! Thanks for this report. The best way to report security concerns like this is to open an issue on the appropriate GitHub repo (in this case the chef-web-docs repo). In this case, I've duplicated your report on the repo for you.

Additionally, since we're an open source community, we welcome pull requests! If you have an interest in contributing, feel free to open a pull request against that same repo.

Hey Benny

I must have missed the documents GitHub repo, so thank you for opening the issue 🙂. I'll update the markdown document and send a PR then.
