SlickStack Security Advisory

This page summarises the security concerns around SlickStack and explains why its default design can expose a server to remote code execution and man-in-the-middle attacks. It also provides mitigation steps and safer alternatives.

Summary

  • Frequently scheduled remote downloads run as root via cron
  • SSL verification disabled with --no-check-certificate
  • No checksum or signature on the downloaded scripts
  • Root ownership and permissions applied to the fetched scripts

Evidence: Cron and Permissions

Cron downloads (at minute 47 of every third hour)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and restrictive permissions (re-applied on every run)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

This pattern permits arbitrary code execution from a remote domain and raises the MITM risk by skipping certificate verification.

See also the commit in which the cron URLs were changed from the GitHub CDN to slick.fyi: commit diff.

Mitigation Guide

  1. Disable the SlickStack cron jobs and remove the downloaded scripts from the cron directory.
  2. Audit for any remaining references to slick.fyi and remote script pulls; replace them with versioned, checksummed artifacts or remove them entirely.
  3. Rotate credentials and keys if SlickStack was running with root privileges on your system.
  4. Rebuild affected servers where possible to guarantee a clean state.
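As an added example (not code from SlickStack), the following POSIX shell script supports step 2: it flags cron entries that fetch with wget/curl while disabling certificate checks, and shows a fetch helper that keeps TLS verification on and installs a file only when its SHA-256 matches a digest pinned in advance. The sample crontab is constructed, and the expected digest is an operator-supplied value, not one from this page.

```shell
#!/bin/sh
# Added example, not part of the SlickStack project: audit a crontab for
# unverified remote downloads, and pin a fetched artifact to a known digest.

# Constructed sample crontab, modelled on the entries quoted in the advisory.
SAMPLE_CRON="47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
0 2 * * * /usr/local/bin/backup.sh
30 4 * * * /bin/bash -c 'curl -k -sS -o /tmp/x https://example.invalid/x.sh' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1"

# Print the cron lines that download with wget/curl while disabling
# certificate checks (--no-check-certificate, --insecure, or a bare -k).
unverified_downloads() {
    printf '%s\n' "$1" | grep -E 'wget|curl' \
        | grep -E -- '--no-check-certificate|--insecure|(^| )-k( |$)' || true
}

# Same check as a count; prints 0 when the crontab is clean.
count_unverified_downloads() {
    unverified_downloads "$1" | grep -c . || true
}

# Compare a file's SHA-256 with the expected digest; returns 0 only on match.
# Uses sha256sum where available and falls back to shasum (e.g. macOS).
verify_sha256() {
    file=$1; expected=$2
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
    fi
    [ "$actual" = "$expected" ]
}

# Fetch URL with TLS verification left on, and install it at DEST only when
# the digest matches EXPECTED (pinned beforehand from a signed release).
fetch_pinned() {
    url=$1; dest=$2; expected=$3
    tmp=$(mktemp) || return 1
    if wget -q -t 3 -T 30 -O "$tmp" "$url" && verify_sha256 "$tmp" "$expected"; then
        mv "$tmp" "$dest" && chmod 0700 "$dest"
        return 0
    fi
    rm -f "$tmp"
    echo "refusing to install $url: download or digest check failed" >&2
    return 1
}

# Report on the constructed sample when run directly.
printf 'unverified downloads found: %s\n' "$(count_unverified_downloads "$SAMPLE_CRON")"
```

Run the audit against `crontab -l -u root` output and the files under /etc/cron.d to cover every scheduled entry, not only the sample.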

Safer Alternatives

Consider WordOps or other tools that avoid remote root execution and provide auditable, versioned releases with checksums or signatures.

Citations