Add developer accessible backdoor to VM tests infrastructure. #47418
enable = true; | ||
permitRootLogin = "yes"; | ||
}; | ||
users.extraUsers.root.initialPassword = "backdoor"; |
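Review bot: the `users.extraUsers.root.initialPassword = "backdoor";` line, combined with `permitRootLogin = "yes";`, gives root a fixed, publicly known password over SSH, and nothing in these lines restricts the setting to test VMs. Suggest placing the block behind an option that is off by default, or confining it to the test-instrumentation module, and documenting that it must not be imported into a deployed configuration.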
Do we really need to set a password?
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
services.openssh.extraConfig = "PermitEmptyPasswords yes";
users.extraUsers.root.password = "";
Not really. I was hesitant to do that, but then again once it has a backdoor, why even bother with passwords.
Done.
There is an empty password already set in this file: https://github.com/NixOS/nixpkgs/blob/922916c51e2d9f664fd80c659bdb21047e0fb464/nixos/modules/testing/test-instrumentation.nix#L136
Thanks to @dezgeg for prototype implementation, I've cleaned it up and added documentation.
👍 I'd expect the temporary directory to have sufficiently restrictive permissions anyway. That's a problem that Nix should already solve. An adversary will have just as hard a time attacking a backdoored test as he would attacking a non-backdoored test. Some potential improvements: A similar backdoor to the perl script could be added, to provide access to library functions on machines and to relay the vm backdoors. Also the tester could print the backdoor instructions, although it won't be able to point the user to the right path because of that one security measure to prevent dangerous accidental /tmp references in built packages, or do we have an obscure impure environment variable with that info?
Sounds good to me - anyone should feel free to contribute that, my motivation was to have a system that works and is documented. Hopefully that sparks simplification :)
Shouldn't be an issue to echo $TMPDIR to logs. My willpower to do more test debugging is very low, as I was deep into it in the last days, can we also consider this an improvement yet to be done? :)
Iirc,
Hm... what if we add a
@aszlig That's also an interesting approach. What do you think of the PR as is?
I'm merging this by discarding my concern about the backdoor being a security issue given that I know this is far from perfect, but I've managed to debug my test failures easily - so it does the job. Any improvements are welcome to be done on top of this work. Going to backport to 18.09 as well.
Thanks to @dezgeg for prototype implementation, I've
cleaned it up and added documentation.
I admit it's not clear to me if console access via $TMPDIR is considered a security issue, on a builder running multiple tests, I'd expect this could be considered an adversary.