Security in shared environments #517
Have you seen the readme section about config security? File access (EDIT: and arbitrary command execution!) can be disabled (at the cost that configs referencing external certs etc. won't work). We've closed a yaml deserialization hole before. We use safe_load now but hard to be 100% certain there are no other holes...
If your use case takes zero inputs from your server, all data comes from customer, then it's maybe ok, as in a customer can only attack themselves.
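A defensive check in the spirit of this comment, added here as an example and not the gem's own code: it parses a tenant-supplied kubeconfig with `YAML.safe_load` and refuses entries that would make the server open local files or run an `exec` credential plugin. The key list, the rejection policy and the sample documents are assumptions of this example, not the project's API.

```ruby
require 'yaml'

# Standard kubeconfig fields whose values are paths the loader would open on
# the server's own filesystem. Refusing them is this example's policy.
FILE_KEYS = %w[certificate-authority client-certificate client-key tokenFile].freeze

# Walks the `clusters` and `users` sections of a tenant-supplied kubeconfig
# and returns the reasons it must not be loaded ([] when it is acceptable).
def untrusted_kubeconfig_problems(yaml_text)
  # safe_load refuses custom tags (e.g. !ruby/object) and aliases, so the
  # document cannot instantiate arbitrary Ruby classes while being parsed.
  cfg = YAML.safe_load(yaml_text, permitted_classes: [], aliases: false)
  return ['top level must be a mapping'] unless cfg.is_a?(Hash)

  problems = []
  { 'clusters' => 'cluster', 'users' => 'user' }.each do |section, inner|
    Array(cfg[section]).each do |entry|
      next unless entry.is_a?(Hash) && entry[inner].is_a?(Hash)
      name = entry['name']
      body = entry[inner]
      FILE_KEYS.each do |k|
        problems << "#{inner} #{name}: #{k} points at a server-side file" if body.key?(k)
      end
      # An exec credential plugin makes the client run an arbitrary command.
      problems << "#{inner} #{name}: exec would run a command on the server" if body.key?('exec')
    end
  end
  problems
rescue Psych::Exception => e
  # DisallowedClass, BadAlias and SyntaxError all derive from Psych::Exception.
  ["rejected by YAML parser: #{e.class}"]
end

# Constructed sample inputs (not real cluster data): inline data only ...
INLINE_CFG = <<~YAML
  clusters:
  - name: tenant-a
    cluster:
      server: https://10.0.0.1:6443
      certificate-authority-data: ZXhhbXBsZQ==
  users:
  - name: tenant-a-user
    user:
      token: example-token
YAML
# ... versus a file path and an exec plugin, which the check rejects.
PATH_CFG = <<~YAML
  clusters:
  - name: tenant-b
    cluster: { server: "https://10.0.0.2:6443", certificate-authority: /etc/ssl/ca.crt }
  users:
  - name: tenant-b-user
    user: { exec: { command: example-plugin } }
YAML
```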
Thanks for the reply. Our use case: if a customer defines a YML file from our dashboard, we will apply that to the customer K8s cluster. That said:
Let's see each point in your answer:
This is not a security issue because the customer is exposing his own data (voluntarily) to a different cluster or server.
What data? The YML file is already owned by the customer.
Ok, this is out of scope... Obviously anything can have security bugs, including Ruby, OS, etc. but that is an entirely different topic. You just need to apply the normal security patches when there's a CVE.
It would be interesting to know more about this:
I wonder what makes the original developer think that it might misbehave. A practical example would be interesting.
I am building a Rails application that manages different K8s clusters for different customers.
Basically the Rails application works like this:
Is it safe to use this gem for this use case?
Example:
It would be useful to document whether this gem is appropriate or not to be used in shared / multi-tenant environments with untrusted inputs (YAML configuration, etc).
Thanks in advance