
Add security checks #488

  • S
    skyrider223
    last edited by Sebastian Roth Dec 12, 2022, 3:21 PM Nov 23, 2022, 4:57 PM

    Hello,

    Actually, I’m working on a usable FOS client working on Secure Boot, based on a signed Clonezilla Linux kernel.
    (with GRUB-signed + shim for PXE chainloading)

    In an attempt to make a wrapper for GRUB (like bootmenu.class.php), I discovered in bootmenu.class.php:

    Everybody on the network where the FOG Server is connected (even if the server is connected to the Internet) can:

    • Delete a host
    • Update a product key
    • Join a multicast session
    • Approve a host (which can lead to an AD credential leak)

    The only prerequisite is to know the MAC address of a computer present in the FOG database.

    In the proposed commit, it changes the behavior of how iPXE handles the user and password throughout multiple #iPXE scripts, and ensures at all times an action is authenticated, even if the command is “internal” (delconf/sessname/key/aprvconf).

    These lines ensure the username and password parameters are kept in RAM during the iPXE phase and re-transmitted (if defined):

    'param username ${username}',
    'param password ${password}',
    

    PS: I’m sorry @Sebastian-Roth for my (very) late reply.

    https://github.com/FOGProject/fogproject/pull/488

    G 1 Reply Last reply Nov 23, 2022, 5:45 PM Reply Quote 1
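
A minimal sketch of the server-side rule described in the post above, added here as an example and not taken from the FOG pull request or from bootmenu.class.php: every state-changing menu action is re-authenticated on each request, including the “internal” ones. The function names, the in-memory user store and the request array shape are assumptions for illustration; only the four action names come from the post.

```php
<?php
declare(strict_types=1);

// Hypothetical sketch, not FOG's bootmenu.class.php. The action names are the
// ones listed in the post; everything else is assumed for illustration.
const SENSITIVE_ACTIONS = ['delconf', 'sessname', 'key', 'aprvconf'];

/** Constructed user store: username => password_hash() output. */
function demoUsers(): array
{
    return ['imaging-admin' => password_hash('constructed-demo-secret', PASSWORD_DEFAULT)];
}

/** Verify the credentials sent with this request; never rely on an earlier menu step. */
function isAuthenticated(array $req, array $users): bool
{
    // These are the username/password params the iPXE script re-transmits.
    $user = $req['username'] ?? '';
    $pass = $req['password'] ?? '';
    if (!is_string($user) || !is_string($pass) || $user === '' || !isset($users[$user])) {
        return false;
    }
    return password_verify($pass, $users[$user]);
}

/** Decide what to do with a boot-menu request: 'run:<action>', 'prompt-login' or 'reject'. */
function dispatch(array $req, array $users): string
{
    $action = $req['action'] ?? '';
    if (!is_string($action) || !in_array($action, SENSITIVE_ACTIONS, true)) {
        return 'reject'; // unknown action: fail closed
    }
    // A registered MAC address identifies a host; it does not authenticate a person.
    if (!isAuthenticated($req, $users)) {
        return 'prompt-login'; // send the client back to the login form
    }
    return 'run:' . $action;
}

$users = demoUsers();
// Constructed requests: same MAC address, without and with credentials.
$anon  = ['mac' => '00:11:22:33:44:55', 'action' => 'delconf'];
$authd = $anon + ['username' => 'imaging-admin', 'password' => 'constructed-demo-secret'];

echo dispatch($anon, $users), PHP_EOL;
echo dispatch($authd, $users), PHP_EOL;
```
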
    • G
      george1421 Moderator @skyrider223
      last edited by george1421 Nov 23, 2022, 11:46 AM Nov 23, 2022, 5:45 PM

      @skyrider223 said in Add security checks #488:

      Delete a host
      Update a product key
      Approve a host (which can lead to an AD credential leak)

      IMO these functions should be removed from the FOG iPXE menu completely (password or not). These processes should be restricted to the FOG UI. Simply for the fact you stated that changes to the FOG environment could be done in a malicious and anonymous way with this code hanging around.

      In regards to the other method using the Ubuntu/Debian kernel (I believe that is what Clonezilla Live does), the issue is with the drivers. Most of those general-purpose kernels use dynamically loaded drivers. That would work for FOG, but then the drivers would need to be loaded into the init.xz (VHD). Both methods are possible. I was testing a few years ago with just this solution of using GRUB and the shim to secure boot and it did work at the time. But the project fell out of focus, and then when I got back to it, it was failing. The issue I ran into with GRUB is that it's not dynamic enough for FOG. You can do static PXE booting, but the issues came at the deploy image menu to get that bit to work.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by Dec 12, 2022, 7:43 PM

        @skyrider223 Thanks heaps for posting in the forums. Unfortunately there was not much of a discussion going on.

        So should we add security checks or even remove the entries from the menu altogether? I tend to add the checks.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        T 1 Reply Last reply Dec 12, 2022, 8:18 PM Reply Quote 0
        • T
          Tom Elliott @Sebastian Roth
          last edited by Dec 12, 2022, 8:18 PM

          @sebastian-roth et al.

          The reason these items were added was specifically because of requests. Especially those one-stop shops where one might not have direct access to the UI for security, or remote possibilities.

          Working with that I tend to side with the idea of making the menu prompt for user/pass for every action that should ultimately have authentication.

          Don’t know why I missed that and for that I’m sorry.

          Just notes:

          Delete a host - Not quite sure why this is fully required and I would almost say it should not be on the menu.
          Update a product key - This I think could be handy if say you have a generic keyed image but wanted to use an elevated product key for certain VIP machines. While you could do this from the UI, I guess it was just requested because people don’t like having to load a UI sometimes?
          Join a multicast session - This one I think definitely should be password protected and hopefully this one at least makes sense to have on the menu.
          Approve a Host - This should be UI specific I suppose.

          Hopefully this helps.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          1 Reply Last reply Reply Quote 1
          • S
            Sebastian Roth Moderator
            last edited by Dec 23, 2022, 12:17 PM

            Thanks everyone for the comments on this. Looks like we better remove “Delete a host” and “Approve a Host” from the iPXE menu altogether.

            With the “Update a product key” I see different opinions. While I understand your point @Tom-Elliott, I am wondering if people actually use this at all, because typing a 25-character key right at the machine is not very convenient. But on the other hand I think adding the security check should be enough to prevent malicious/anonymous user inputs which @george1421 mentioned. I tend to leave that option in the menu but secure it - and same for “Join a multicast session”.

            @skyrider223 I just merged your pull request and opened a new issue to take care of removing the menu items as discussed. I added a list of code changes needed to the issue report already. Are you keen to look into this as well?

            1 Reply Last reply Reply Quote 1