Chef-solo documentation may cause security issues on implementations

goku704 · September 21, 2020, 2:32pm

Hi,

I'd like to inform you about one potential risk where system administrators might be misled to where the "chef" user is not supposed to have root privileges on the host system.

Since, non-root users can run Ruby scripts with passwordless sudo privileges defined in the sudoers file then the "chef" user can create a Ruby file containing "system('/bin/bash')" in order to get a root shell.

chef@localhost$ sudo chef-solo -c /tmp/shell.rb
root@localhost#

Therefore, I think the documentation might need some warning or definition where system administrators need to use chef-solo accessible for unprivileged users who should not become the built-in root user.

Kind regards.

bennyvasquez · September 23, 2020, 3:18pm

Hi there, and welcome! Thanks for this report. The best way to report security concerns like this is to open an issue on the appropriate github repo (in this case the chef-web-docs repo). In this case, I've duplicated your report on the repo for you.

Additionally, since we're an open source community, we welcome pull requests! If you have an interest in contributing, feel free to open a pull request against that same repo.

goku704 · September 23, 2020, 3:42pm

Hey Benny

I must have missed the documents github repo, so thank you for opening the issue . I'll update the markdown document and send a PR then.

Topic		Replies	Views
RE: RE: Adding a feature in Chef Server UI Chef Infra (archive)	3	290	April 3, 2014
User handling logic Chef Infra (archive)	2	334	February 10, 2014
Chef solo launch without sudo reports config file missing - then runs it Chef Infra (archive)	0	229	June 27, 2011
Knife Chef recipes as non-root user? Chef Infra (archive)	5	1598	December 3, 2016
What minimum permissions are needed to run chef-solo? Chef Infra (archive)	2	306	February 19, 2014

Chef-solo documentation may cause security issues on implementations

Related topics