Page MenuHomeMiraheze

Reconfigure SaltStack or replace it with another tool
Closed, InvalidPublic

Description

Related: T5536 and T5542, albeit these tasks are security sensitive (whereas this one is public), so do not talk about those here yet.

SaltStack is vulnerable to an exploit effectively granting root privileges to anyone: see https://saltexploit.com/. Fortunately, we patched quickly, but it does raise multiple questions regarding our SaltStack configuration (which is why SRE has removed SaltStack tools from the servers). There are multiple CVEs for the Salt master, yet the Salt master was publicly reachable for everyone and at first glance it looks like security recommendations were not adhered. @Paladox suggested we move to Cumin (which relies on SSH, not agents), but that is one of the many options to go for. Important: even if we decide to drop Salt, we must still determine why Miraheze was exposed to such risks in the first place.

Event Timeline

Southparkfan triaged this task as Normal priority.May 5 2020, 17:47
Southparkfan created this task.
Southparkfan updated the task description. (Show Details)May 5 2020, 17:47
Southparkfan moved this task from Radar to Discussion on the Site Reliability Engineering board.
Paladox added a comment.May 10 2020, 19:47

Needs @Southparkfan response whether he would like to replace salt or keep it.

Paladox added a comment.May 10 2020, 19:56

My thoughts are we should replace salt with cumin as cumin is basically just a wrapper around ssh. It also means less software to maintain (since salt requires a master and a agent installed on each server). This also means we could use cumin against ns1. SSH is battle tested, it has been available for many many many years and has proven to be secure.

@Paladox So are we decided on replacing Salt with Cumin? If so this would be a duplicate task since we've got T5537

@Paladox Let's replace Salt with Cumin. Not necessarily because we can't secure Salt (as long as we don't open the ports to the internet anymore, we're fine), but since Cumin offers functionality we can benefit from. Goal for Q3/Q4?

yup! Let's make it a goal.

Southparkfan edited projects, added Security; removed acl*security.Jul 1 2020, 21:56
Southparkfan closed this task as Invalid.Jul 6 2020, 16:38
Southparkfan removed a project: Goal-2020-Jul-Dec.

In favor of T5537