"Mysterious" admin user created in Rancher upon cluster deployment (?) #31

Closed
vitobotta opened this issue Apr 10, 2019 · 10 comments
@vitobotta

Hi! I have been testing this for a couple of weeks now, and around a week ago I noticed for the first time that a new admin user had been created somehow in my Rancher installation. Likely it's still a test installation but I was shocked and I decided to investigate. From searching I didn't find any known vulnerabilities concerning Rancher that might explain a hack or something, and considering that my Rancher server is fairly good from a security point of view (I follow the typical best practices in configuration etc), I wasn't sure I had actually been hacked. I deleted the admin user, deleted my test cluster, created a new one always with Hetzner Cloud using this driver, and after a little while I found an admin user in Rancher again. I deleted the cluster and that admin user, I deployed another cluster and sure thing, after a while another admin user. I then deployed a couple of clusters with Digital Ocean (using Rancher's built in integration) after deleting the Hetzner one, and used those for testing for a couple of days. No new admin users. I then deployed a new cluster with Hetzner and once again after a little while I found an admin user. I repeated this process several times, and this happens only when I deploy clusters with Hetzner, never when I deploy Digital Ocean clusters. Coincidence?

Now, I don't want to accuse you or anything, I just want to understand if there is the possibility that something may have been compromised with this driver and perhaps you don't even know. I see in the README that the actual binary driver (not the UI) is from another GitHub project by somebody else, and that's a ready binary so I can't see the contents. Could it be that the compiled binary has something within it that can compromise Rancher when installed? I have now deleted the Hetzner driver from Rancher and created the servers for a new Hetzner cluster with Ansible instead, and then I provisioned the Kubernetes cluster still with Rancher but this time using the custom nodes mode. So far no admin user but I will report back if it happens again.

Thanks in advance if you have any possible explanation for this weird thing.

@vincent99

(Rancher employee) This repo is the UI component for configuring the node template. It can only create an admin user even if it wanted to if you are also one, and it's pretty trivial to see there's nothing suspicious in the actual JS that's being loaded (the big blob is base64 encoded HTML template).

@cjellick

cjellick commented Apr 10, 2019

Can you share the url you downloaded the binary from and the readme you are referring to?

Never mind. I see it.

@cjellick

Can you describe the admin user in more detail? Do you mean a user that shows up on the Users page in the Rancher UI?

@vitobotta
Author

> Can you describe the admin user in more detail? Do you mean a user that shows up on the Users page in the Rancher UI?

Yep

@vitobotta
Author

> (Rancher employee) This repo is the UI component for configuring the node template. It can only create an admin user even if it wanted to if you are also one, and it's pretty trivial to see there's nothing suspicious in the actual JS that's being loaded (the big blob is base64 encoded HTML template).

I should have perhaps posted in the other repo...

@mxschmitt
Owner

mxschmitt commented Apr 11, 2019

Hi everyone,

sorry for the delayed response, but as @vincent99 mentioned, this ui-driver only does the user interface magic to communicate nicely with the docker-machine-driver.
Since I'm also a maintainer of the docker-machine driver, I know that we do nothing with the admin user itself etc. We only implement the logic for communicating with the Hetzner API via the hcloud-go package.
I will try to reproduce it, to see if an admin user is created with the provided binaries of @JonasProgrammer, and if one is created I will try to compile it myself and check the opposite.

I'll keep you updated.

Edit: a photo of the created user would be awesome.
Edit: In my mind it's normal that an admin user will be created once you boot up a new Rancher installation. Or do you have multiple admin users?

Best regards

Max

@mxschmitt mxschmitt self-assigned this Apr 11, 2019
@vincent99

@mxschmitt I tried the same myself and found nothing, though more eyes attempting to reproduce don't hurt. But I suspect there's another more mundane explanation that doesn't have anything to do with machine drivers.

@JonasProgrammer

docker-machine-driver-hetzner guy here, machine drivers really solely implement a couple of functions to create, remove, start and stop machines as well as getting their SSH endpoint to connect to for provisioning.
They are not even aware of any upstream software, such as Rancher, using them to do stuff. That being said, if this really comes down to DMDH, I take full responsibility.

@mxschmitt: If you find anything, can you immediately create a downstream issue please? Binaries are being built by Travis, so if they really did contain something, there are more questions to be asked.

@vitobotta
Author

Hi again everyone! It looks like it may have nothing to do with this driver after all! I added an update to the Rancher forums so let's continue the discussion there if you don't mind, since it may be something about Rancher backups. Thanks! :)

@mxschmitt and @JonasProgrammer sorry, like I said in the first comment I didn't mean to accuse or anything, I was (am) just trying to understand what's going on.

https://forums.rancher.com/t/mysterious-admin-user-created-in-rancher-upon-cluster-deployment/13918/4

@mxschmitt
Owner

Closed, for more info check out the forum post. Thanks to all and of course @vitobotta for the research and the investigation.
