supervisorctl shows warning "Supervisord is running as root and it is searching" #741

Closed
jvanasco opened this Issue Apr 19, 2016 · 7 comments


jvanasco commented Apr 19, 2016

If supervisorctl is invoked without a -c argument, this warning may appear:

/opt/supervisord/lib/python2.7/site-packages/supervisor/options.py:296: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security. 'Supervisord is running as root and it is searching '

When supervisorctl decides on a configuration file to use, it does not alert the user.

I suggest adding a warning such as:

UserWarning: Supervisord has determined the configuration file is _______________.
Member

mnaberez commented Apr 19, 2016

> If supervisorctl is invoked without a -c argument, this warning may appear:

The warning appears when supervisord (not supervisorctl) is both running as root and is searching for its configuration file (no -c). This is because it is a security concern (supervisord running as root can start arbitrary programs as root).

> when supervisorctl decides on a configuration file to use, it does not alert the user.

supervisorctl not showing a similar warning was intentional. There aren't the same security concerns with as with supervisord (supervisorctl can't start arbitrary programs, it only asks supervisord to do things). From the mailing list and issues, many users run supervisorctl without -c, and would find this new warning annoying.

@mnaberez mnaberez closed this Apr 19, 2016

jvanasco commented Apr 19, 2016

The warning above was due to supervisorctl, not supervisord, running as root. The installed version of supervisor is 3.2.3.

root@sextant:/etc# supervisorctl
/opt/supervisord/lib/python2.7/site-packages/supervisor/options.py:296: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
  'Supervisord is running as root and it is searching '
http://localhost:9001 refused connection
supervisor> 

Displaying a message to a seasoned end-user about which "automatically detected" configuration file is being used may be a minor annoyance... but the lack of a -c argument means there is absolutely no way to determine how supervisor/supervisorctl is running based on any one of 5 configuration files. An administrator may be editing/fixing one set of configuration files, but the changes will never be realized because supervisor is preferring a different set.

If someone really wanted to compromise a system via supervisorctl, they would already know -- and be familiar with -- the default file locations. Security concerns would be better addressed by refusing to start Supervisor if the user is root and the file is not only writeable by root.

It just doesn't make any sense to support automatic detection of 5+ configuration files, but not tell the user which configuration file is being used. If anything, this creates a security issue because any one of a number of files could be the preferred file -- but an administrator may not necessarily know that -- because they have changed an installation from a prepackaged OS version to a pypi/source install.

Member

mnaberez commented Apr 19, 2016

> The warning above was due to supervisorctl , not supervisord, running as root. The installed version of supervisor is 3.2.3.

I just tried this on 3.2.3 and I couldn't duplicate it. It shows the warning when supervisord is run as root and without -c, but I couldn't get supervisorctl to print it. Can you tell us how to reproduce it?

[~] $ whoami
root
[~] $ supervisord --version
3.2.3
[~] $ supervisord
/path/to/supervisor/options.py:296: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
'Supervisord is running as root and it is searching '
Error: No config file found at default paths (/usr/local/etc/supervisord.conf, /usr/local/supervisord.conf, supervisord.conf, etc/supervisord.conf, /etc/supervisord.conf); use the -c option to specify a config file at a different path
For help, use /usr/local/bin/supervisord -h
[~] $ supervisorctl
http://localhost:9001 refused connection

> If someone really wanted to compromise a system via supervisorctl

As mentioned above, the original intention was that warning was shown only for supervisord.

> It just doesn't make any sense to support automatic detection of 5+ configuration files, but not tell the user which configuration file is being used.

I think adding some way to get this information would be very reasonable, e.g. supervisorctl --verbose or a new supervisorctl subcommand to print debug info. I don't think the right approach is to force an ugly warning on users that don't use -c, since it will probably annoy many people.

jvanasco commented Apr 19, 2016

I was getting this through sudo, but I went through bash as well.

This is on a fresh Ubuntu 14.04 and installed from PyPI via pip; are you using HEAD off the master branch? I can try that later.

This is installed into a virtualenv, but I can't imagine that affecting this.

I get the error whether or not supervisord is running (though I see the processes if it is running):

root@sextant:~# whoami
root
root@sextant:~# supervisord --version
3.2.3
root@sextant:~# supervisord
/opt/supervisord/lib/python2.7/site-packages/supervisor/options.py:296: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
  'Supervisord is running as root and it is searching '
Error: Another program is already listening on a port that one of our HTTP servers is configured to use.  Shut this program down first before starting supervisord.
For help, use /opt/supervisord/bin/supervisord -h
root@sextant:~# supervisorctl
/opt/supervisord/lib/python2.7/site-packages/supervisor/options.py:296: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
  'Supervisord is running as root and it is searching '
unix:///var/run/supervisor.sock no such file
Member

mnaberez commented Apr 20, 2016

> this is on a fresh ubuntu14.04 and installed from pypi via pip; are you using HEAD off the master branch ?

No, I used 3.2.3 like you (shown above).

Here's what happens when I install 3.2.3 with pip on a fresh Ubuntu 14.04 instance:

root@ubuntu:~# whoami
root
root@ubuntu:~# uname -a
Linux ubuntu 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu:~# apt-get install -y python-pip
...
root@ubuntu:~# type supervisord
bash: type: supervisord: not found
root@ubuntu:~# type supervisorctl
bash: type: supervisorctl: not found
root@ubuntu:~# pip install supervisor
Downloading/unpacking supervisor
  Downloading supervisor-3.2.3.tar.gz (411kB): 411kB downloaded
  Running setup.py (path:/tmp/pip_build_root/supervisor/setup.py) egg_info for package supervisor

    warning: no previously-included files matching '*' found under directory 'docs/.build'
Downloading/unpacking meld3>=0.6.5 (from supervisor)
  Downloading meld3-1.0.2-py2.py3-none-any.whl
Installing collected packages: supervisor, meld3
  Running setup.py install for supervisor

    warning: no previously-included files matching '*' found under directory 'docs/.build'
    Skipping installation of /usr/local/lib/python2.7/dist-packages/supervisor/__init__.py (namespace package)
    Installing /usr/local/lib/python2.7/dist-packages/supervisor-3.2.3-nspkg.pth
    Installing echo_supervisord_conf script to /usr/local/bin
    Installing pidproxy script to /usr/local/bin
    Installing supervisorctl script to /usr/local/bin
    Installing supervisord script to /usr/local/bin
Successfully installed supervisor meld3
Cleaning up...
root@ubuntu:~# supervisord
/usr/local/lib/python2.7/dist-packages/supervisor/options.py:296: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
  'Supervisord is running as root and it is searching '
Error: No config file found at default paths (/usr/local/etc/supervisord.conf, /usr/local/supervisord.conf, supervisord.conf, etc/supervisord.conf, /etc/supervisord.conf); use the -c option to specify a config file at a different path
For help, use /usr/local/bin/supervisord -h
root@ubuntu:~# supervisorctl
http://localhost:9001 refused connection
supervisor> 

The warning is shown for supervisord but not supervisorctl as expected.

> this is installed into a virtualenv, but I can't imagine that affecting this.

It looks like it might be, or some other difference on your system is causing it. If we are able to reproduce it, we can see if there's something we can fix in supervisorctl.

@mnaberez mnaberez changed the title from Suggestion: "Warn" the name of the configuration file that is loaded if a default is used. to supervisorctl shows warning "Supervisord is running as root and it is searching" Apr 21, 2016

@mnaberez mnaberez reopened this Apr 21, 2016

jvanasco commented Apr 21, 2016

After more testing, the supervisord warning is displayed when supervisorctl is installed into a virtualenv, but not when installed into the default location. This is exhibited on both Linux and OS X.

jvanasco commented Apr 27, 2016

I migrated to Ubuntu 16.04 (from 14.04). I am very confident that the "derive a config file" functionality warrants supervisorctl printing out the active config file (and supervisord logging it) if anything other than an explicit -c /path/to/file is used.

This type of notification is already used:

root@server:~# supervisorctl
http://localhost:9001 refused connection
supervisor> 

and while it's not necessary when specifying a file:

root@server:~# supervisorctl -c /path/to/file
supervisor>

When not specifying a file, one would need to check the actual search order for the installed version of supervisor in the docs or source code, while a simple notification could suffice:

root@server:~# supervisorctl
using configuration file: /path/to/found
supervisor> 
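The two proposals in this thread (refuse a config a root-run daemon would load from a non-root-writable file, and report which default-path config was selected) combined into one added example; this is illustrative code written for this page, not supervisor's own. It uses the search order printed by supervisord 3.2.3 above and assumes (my assumption, not stated on the page) that the first two entries derive from the install prefix, which is why a virtualenv install searches different paths; `etc_dir` is a parameter only so the system-wide entry can be redirected into a temporary directory for the self-test.

```python
import os
import stat
import tempfile

# Search order as printed by supervisord 3.2.3 in the thread for a /usr/local
# install. Assumption (mine, not from the page): the first two entries come from
# the install prefix, so a virtualenv install looks under the virtualenv instead.
def search_paths(prefix="/usr/local", cwd=".", etc_dir="/etc"):
    return [
        os.path.join(prefix, "etc", "supervisord.conf"),
        os.path.join(prefix, "supervisord.conf"),
        os.path.join(cwd, "supervisord.conf"),         # current working dir
        os.path.join(cwd, "etc", "supervisord.conf"),  # current working dir
        os.path.join(etc_dir, "supervisord.conf"),     # system-wide location
    ]

def find_config(paths):
    """First existing candidate wins; None mirrors 'No config file found'."""
    for path in paths:
        if os.path.isfile(path):
            return path
    return None

def audit_config(path, running_as_root):
    """Findings per the check proposed in the thread: a root-run daemon
    should not trust a config file that non-root users can edit."""
    findings = []
    st = os.stat(path)
    if running_as_root:
        if st.st_uid != 0:
            findings.append("owner uid %d is not root" % st.st_uid)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("file is group- or world-writable")
    return findings

def resolve(prefix, cwd, etc_dir, running_as_root):
    """Return (chosen_path, findings, message) for one default-path search."""
    chosen = find_config(search_paths(prefix, cwd, etc_dir))
    if chosen is None:
        return None, [], "No config file found at default paths"
    findings = audit_config(chosen, running_as_root)
    return chosen, findings, "using configuration file: " + chosen

def demo():
    """Constructed layout: a world-writable config in the CWD shadows the
    properly locked-down one under etc_dir, because CWD is searched first."""
    base = tempfile.mkdtemp()
    prefix, cwd, etc_dir = (os.path.join(base, d) for d in ("venv", "cwd", "etc"))
    for d in (prefix, cwd, etc_dir):
        os.makedirs(d)
    cwd_conf = os.path.join(cwd, "supervisord.conf")
    etc_conf = os.path.join(etc_dir, "supervisord.conf")
    for p, mode in ((cwd_conf, 0o666), (etc_conf, 0o600)):
        with open(p, "w") as fh:
            fh.write("[supervisord]\n")
        os.chmod(p, mode)  # explicit mode so umask does not mask the test
    return resolve(prefix, cwd, etc_dir, running_as_root=True)

if __name__ == "__main__":
    path, findings, msg = demo()
    print(msg, findings)
```

Running it prints the "using configuration file:" line proposed above and, because the CWD copy is world-writable, the finding that a root-run daemon should refuse it.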