Add cure53 security audit report #1065
Conversation
Signed-off-by: Richard Hartmann <richih@richih.org>
Signed-off-by: Richard Hartmann <richih@richih.org>
RichiH
changed the title
content/docs/operating/security.md
Outdated
|
|
||
| ## External audits | ||
|
|
||
| CNCF sponsored an external security audit by cure53 which ran from April 2018 |
There was a problem hiding this comment.
I would link both the CNCF and cure53.
There was a problem hiding this comment.
I thought they would be obvious once you are this deep in our pages, but will do.
content/docs/operating/security.md
Outdated
|
|
||
| CNCF sponsored an external security audit by cure53 which ran from April 2018 | ||
| to June 2018. You can find the final report of the audit | ||
| [here](assets/downloads/2018-06-11--cure53_security_audit.pdf). |
There was a problem hiding this comment.
It's nice to provide somewhat larger links than the word "here".
How about You can find more details in the [final report of the audit](assets/downloads/2018-06-11--cure53_security_audit.pdf).
Signed-off-by: Richard Hartmann <richih@richih.org>
content/docs/operating/security.md
Outdated
| @@ -106,7 +106,7 @@ If using a client-library-provided HTTP handler, it should not be possible for | |||
| malicious requests that reach that handler to cause issues beyond those | |||
| resulting from additional load and failed scrapes. | |||
|
|
|||
| ## Authentication/Authorisation/Encryption | |||
| ## Authentication, Authorisation, and Encryption | |||
There was a problem hiding this comment.
Hmm, aren't we meant to be using US spellings? I must have let this one slip though.
There was a problem hiding this comment.
Don't care which as long as we are consistent; changed.
|
|
||
| ## External audits | ||
|
|
||
| [CNCF](https://cncf.io) sponsored an external security audit by |
There was a problem hiding this comment.
Should we summarise this here?
There was a problem hiding this comment.
I think yes. Attribution is important in both FLOSS & security and I would like to acknowledge the fact that CNCF spent money on us.
There was a problem hiding this comment.
I meant more, that we should add a few sentences summarising the report.
Signed-off-by: Richard Hartmann <richih@richih.org>
Signed-off-by: Richard Hartmann <richih@richih.org>
content/docs/operating/security.md
Outdated
| [cure53](https://cure53.de) which ran from April 2018 to June 2018. | ||
|
|
||
| The audit found no major concerns outside of the scope of this document. It | ||
| re-iterated on the importance of following what is layed out here. |
content/docs/operating/security.md
Outdated
| [CNCF](https://cncf.io) sponsored an external security audit by | ||
| [cure53](https://cure53.de) which ran from April 2018 to June 2018. | ||
|
|
||
| The audit found no major concerns outside of the scope of this document. It |
There was a problem hiding this comment.
This is really an unduly generous interpretation of what the report says and omits that the report strongly suggests to change our practices. Also I don't think that this document here would even give people an idea that e.g. the CORS and XSRF vulnerabilities exist and need to be protected against. Those are pretty severe IMO. If an attacker can make me visit a website and then they can either read all my Prometheus data or shut down my Prometheus server, that seems bad, and almost nobody reading this document would anticipate those problems from what is written here.
Signed-off-by: Richard Hartmann <richih@richih.org>
content/docs/operating/security.md
Outdated
| [cure53](https://cure53.de) which ran from April 2018 to June 2018. | ||
|
|
||
| The audit found concerns regarding Prometheus' secrity model, but following | ||
| what is layed out in this document should guard against most of them. |
content/docs/operating/security.md
Outdated
|
|
||
| The audit found concerns regarding Prometheus' secrity model, but following | ||
| what is layed out in this document should guard against most of them. | ||
| In particular, the CORS (PRM-01-001) and CSRF (PRM-01-003) attack vectors might |
There was a problem hiding this comment.
They're in this doc now, and many attack vectors are non-obvious. Putting it like this make it seem as though reading this doc is not sufficient.
content/docs/operating/security.md
Outdated
| [CNCF](https://cncf.io) sponsored an external security audit by | ||
| [cure53](https://cure53.de) which ran from April 2018 to June 2018. | ||
|
|
||
| The audit found concerns regarding Prometheus' secrity model, but following |
There was a problem hiding this comment.
I don't think this really captures it, and this document covers everything mentioned.
content/docs/operating/security.md
Outdated
| be non-obvious. | ||
|
|
||
| For more details, please read the | ||
| [final report of the audit](assets/downloads/2018-06-11--cure53_security_audit.pdf). |
There was a problem hiding this comment.
Remove the assets from this URL
There was a problem hiding this comment.
Are you certain? grep -ri assets content implies otherwise.
There was a problem hiding this comment.
Okay, I see now that there's a URL re-write rule in place for static assets. I do think, though, that the URL needs to begin with /assets rather than assets since this is not the index page.
|
@lucperkins Suggestions as to verbiage around the contended parts? |
|
@RichiH @brian-brazil Would it be possible to ship this without the summary paragraph for now? We should get the results out to the public. I'd be happy to write up a more detailed summary once the PDF is out. Also, Richie, make sure to update the URL of the PDF to |
|
That sounds like a good idea. |
|
I don't have my keys with me in China, but feel free to push over me and merge.
|
lucperkins
force-pushed
the
richih/security_audit
branch
from
bd817c6
to
b83a8b1
Compare
Signed-off-by: lucperkins <lucperkins@gmail.com>
lucperkins
force-pushed
the
richih/security_audit
branch
from
b83a8b1
to
0a4a778
Compare
Signed-off-by: lucperkins <lucperkins@gmail.com>
No description provided.