Chef-solo documentation may cause security issues on implementations

goku704 · September 21, 2020, 2:32pm

Hi,

I'd like to inform you about one potential risk where system administrators might be misled to where the "chef" user is not supposed to have root privileges on the host system.

Since, non-root users can run Ruby scripts with passwordless sudo privileges defined in the sudoers file then the "chef" user can create a Ruby file containing "system('/bin/bash')" in order to get a root shell.

chef@localhost$ sudo chef-solo -c /tmp/shell.rb
root@localhost#

Therefore, I think the documentation might need some warning or definition where system administrators need to use chef-solo accessible for unprivileged users who should not become the built-in root user.

Kind regards.

bennyvasquez · September 23, 2020, 3:18pm

Hi there, and welcome! Thanks for this report. The best way to report security concerns like this is to open an issue on the appropriate github repo (in this case the chef-web-docs repo). In this case, I've duplicated your report on the repo for you.

Additionally, since we're an open source community, we welcome pull requests! If you have an interest in contributing, feel free to open a pull request against that same repo.

goku704 · September 23, 2020, 3:42pm

Hey Benny

I must have missed the documents github repo, so thank you for opening the issue . I'll update the markdown document and send a PR then.

Topic		Replies	Views
RE: RE: Adding a feature in Chef Server UI Chef Infra (archive)	3	264	April 3, 2014
User handling logic Chef Infra (archive)	2	301	February 10, 2014
Knife Chef recipes as non-root user? Chef Infra (archive)	5	1536	December 3, 2016
What minimum permissions are needed to run chef-solo? Chef Infra (archive)	2	284	February 19, 2014
Handling Passwords with Chef Solo Chef Infra (archive)	0	238	June 5, 2010

Chef-solo documentation may cause security issues on implementations

Related Topics