Page MenuHomeMiraheze
Create Task
Maniphest T5543

Reconfigure SaltStack or replace it with another tool
Closed, InvalidPublic
Actions

Description

Related: T5536 and T5542, albeit these tasks are security sensitive (whereas this one is public), so do not talk about those here yet.

SaltStack is vulnerable to an exploit effectively granting root privileges to anyone: see https://saltexploit.com/. Fortunately, we patched quickly, but it does raise multiple questions regarding our SaltStack configuration (which is why SRE has removed SaltStack tools from the servers). There are multiple CVEs for the Salt master, yet the Salt master was publicly reachable for everyone and at first glance it looks like security recommendations were not adhered. @Paladox suggested we move to Cumin (which relies on SSH, not agents), but that is one of the many options to go for. Important: even if we decide to drop Salt, we must still determine why Miraheze was exposed to such risks in the first place.

Related Objects
Search...

Event Timeline

Southparkfan triaged this task as Normal priority.May 5 2020, 17:47
Southparkfan created this task.
Herald added subscribers: Examknow, Zppix, Reception123. · View Herald TranscriptMay 5 2020, 17:47
Southparkfan updated the task description. (Show Details)May 5 2020, 17:47
Southparkfan moved this task from Radar to Discussion on the Site Reliability Engineering board.
RhinosF1 subscribed.May 5 2020, 20:30
Paladox added a comment.May 10 2020, 19:47

Needs @Southparkfan response whether he would like to replace salt or keep it.

Paladox added a comment.May 10 2020, 19:56

My thoughts are we should replace salt with cumin as cumin is basically just a wrapper around ssh. It also means less software to maintain (since salt requires a master and a agent installed on each server). This also means we could use cumin against ns1. SSH is battle tested, it has been available for many many many years and has proven to be secure.

Paladox added a subtask: T5537: Replace SaltStack with Cumin.May 11 2020, 09:15
Reception123 added a comment.Jun 19 2020, 05:56

@Paladox So are we decided on replacing Salt with Cumin? If so this would be a duplicate task since we've got T5537

Paladox assigned this task to Southparkfan.Jun 23 2020, 15:45
Paladox merged a task: T5537: Replace SaltStack with Cumin.Jun 23 2020, 15:57
Southparkfan reassigned this task from Southparkfan to Paladox.Jun 28 2020, 14:55

@Paladox Let's replace Salt with Cumin. Not necessarily because we can't secure Salt (as long as we don't open the ports to the internet anymore, we're fine), but since Cumin offers functionality we can benefit from. Goal for Q3/Q4?

Paladox added a project: Goal-2020-Jul-Dec.Jul 1 2020, 19:24

yup! Let's make it a goal.

Southparkfan edited projects, added Security; removed acl*security.Jul 1 2020, 21:56
Southparkfan closed this task as Invalid.Jul 6 2020, 16:38
Southparkfan moved this task from Backlog to Site Reliability Engineering on the Goal-2020-Jul-Dec board.
Southparkfan removed a project: Goal-2020-Jul-Dec.

In favor of T5537

Southparkfan mentioned this in T5537: Replace SaltStack with Cumin.Jul 6 2020, 16:40
Southparkfan reopened subtask T5537: Replace SaltStack with Cumin as Open.Jul 6 2020, 16:43
Paladox closed subtask T5537: Replace SaltStack with Cumin as Declined.Feb 25 2021, 19:34
Herald added a subscriber: Unknown Object (User). · View Herald TranscriptFeb 25 2021, 19:34