New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
S3 authorization bypass using "mc" client #2180
Comments
Thanks for the detailed issue report! It saved a lot of time to ask for more details. |
May I suggest that it would be a good idea to highlight this problem more clearly in the release notes? This is a security hole big enough to drive a bus through, and as far as I can see, anyone who has the S3 server 2.56 on a public Internet address is vulnerable. I also expect that a range of earlier versions are vulnerable too. s3ChunkedReader was introduced in 88f1d32 (Sep 2 2018), and streaming v4 with calculateSeedSignature was introduced in f3ce316 (Feb 9 2020) |
Updated the release note. Thanks! |
Thanks. Small suggestion for improvement in the wording: change
to:
|
Done! Thanks for being strict! :) |
Describe the bug
S3 requests as sent by
mc
(minio client) are able to bypass many of the access controls in weed S3 API.System Setup
I am using Ubuntu 18.04. Install weed 2.56 binary:
Create
config.json
:Run server:
In another window:
Using awscli, things work as expected:
Basic tests:
As expected, the "reader1" account cannot create an object in "bucket1", as it has only List and Read permissions on that bucket; and the "reader2" account cannot see "bucket1".
Problem situation
The problem occurs when you use a different client,
mc
. Download:Configure it with the 'reader1' creds:
Problem 1: attempt to upload a file using the "reader1" creds:
It was uploaded successfully!
Problem2: as expected, reader1 doesn't have rights to create a bucket:
But it can upload to a non-existent bucket, and the bucket is created as a side effect!!
Check for existence of bucket:
Even though reader1 can't see the bucket, it was able to both create the bucket and upload an object into it.
Expected behavior
Obviously, the ACL should not be bypassable under any circumstances, by any client which only has access to the "reader1" credentials.
I expect that
mc
requests are valid S3 requests, but something about the payload is causing weed to skip authorization. It appears that weed is "failing open" (i.e. it defaults to permit, rather than default to deny) when the request is not as expected.Screenshots
I can compare tcpdump of a request send by awscli, versus one sent by mc. (
sudo tcpdump -i lo -nn -s0 -A tcp port 8333
)Command:
aww --profile reader1 s3 cp hello s3://bucket1/test123
Command:
./mc cp hello reader1/bucket1/test456
All these exchanges took place on the same TCP connection (client port 53684, server port 8333) so keepalive is active.
Additional context
I can see that
mc
is sending several requests. I haven't determined whether it's the format of the final PUT which is bypassing the authorization, or the fact that there have been previous authorized requests from the same client on the same TCP session.It also seems odd that in the
404 Not Found
responses from weed, there isContent-Length: 257
but no content body that I can see. (EDIT: those are HEAD requests which don't return a body, but are permitted to include a Content-Length of the body they would have sent. Not all that useful for a 404 response, but allowed)The text was updated successfully, but these errors were encountered: