Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Securize control interface #119

Closed
nilp0inter opened this issue Aug 17, 2020 · 1 comment
Closed

Securize control interface #119

nilp0inter opened this issue Aug 17, 2020 · 1 comment
Labels
discussion things to discuss about feature New feature proposal
Milestone
0.7.0

Comments

@nilp0inter
Copy link
Contributor

In the current implementation the control interface is over plain HTTP and bind to localhost by default.

This can be problematic on setups where an adversary is on the same machine as the server.

Proper bastion of the control interface is key to a secure Kapow! deployment.

Think a solution and implement it.
@nilp0inter nilp0inter added discussion things to discuss about feature New feature proposal labels Aug 17, 2020
@nilp0inter nilp0inter added this to the Next Release milestone Aug 17, 2020
@panchoh
Copy link
Contributor

panchoh commented Dec 24, 2020

Ruso dixit:
Kapow! should generate a random token each time it starts up, and share this token via environment variable to the init programs it will launch upon startup.
The control interface will only accept requests that contain the aforementioned token in the header X-Kapow-Token.

Furthermore, to prevent sniffing of the token by other parties, the communication should be done using https, by way of generating a self-signed certificate on the fly, which can be accomplished by taking code from this example:

https://golang.org/src/crypto/tls/generate_cert.go. We can perhaps leverage ed25519 for a lightweight and secure key.

panchoh added a commit that referenced this issue Mar 12, 2021
@panchoh @nilp0inter
feat: Control API uses automatic cross-pinning mTLS (Closes #119)
8ffa942 
. kapow server generates on startup a pair of certificates
that will use to secure communications to its control server.
It will communicate the server and client certificates as well
as the client private key to the init programs it launches,
via environment variables.

. kapow server now understands a new flag --control-reachable-addr
which accepts either a IP address or a DNS name, that can be used
to ensure that the generated server certificate will be appropiate
in case the control server must be accessed from something other
than localhost.

Co-authored-by: Roberto Abdelkader Martínez Pérez <robertomartinezp@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion things to discuss about feature New feature proposal
Projects
None yet
Milestone
0.7.0
Development

No branches or pull requests
2 participants
@panchoh @nilp0inter