-
Notifications
You must be signed in to change notification settings - Fork 198
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security VS habridge #390
Comments
This is something that can be controlled by the user. As being open, it is a risk if you put items on it that could be an issue. This is something that should be noted. |
Can the user really control this? - I do not think so. The default config of a package should also not by default open up the root account to anyone. Of course you may configure iptables to make sure that the habridge WebIF is only accessible by localhost. Then use a reverse proxy approach to get it channeled through Apache and add authentication. Such option sounds more like a work-around to me. I can imagine two solutions:
|
Yikes, yeah. Maybe a third option could be only run scripts saved in a
folder using a pick list or something? No entry of code in the web forms.
…On Wed, Jan 25, 2017 at 3:07 AM stefan73 ***@***.***> wrote:
Can the user really control this? - I do not think so. The default config
of a package should also not by default open up the root account to anyone.
Of course you may configure iptables to make sure that the habridge WebIF
is only accessible by localhost. Then use a reverse proxy approach to get
it channeled through Apache and add authentication. Such option sounds more
like a work-around to me.
I can imagine two options:
1. Make a password mandatory for the habridge WebIF before one can
set-up devices.
2. Eliminate the execute script/program option from habridge
completely. It is much safer, if scripts get called by a webserver like
apache / lighthttpd, where the user explicitly sets up e.g. a php script.
The account running the script is also more appropriate then.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#390 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AArbCYyQ6uwYrSfFtMfWBx4RBHV9W_Qvks5rVxC7gaJpZM4LtCOM>
.
|
@stefan73 This is an application that is open to any one to use and configure. This type of application is inherently risky in security due to it's implementation. This also, allows some flexibility on how it operates. If people do not want to understand the risks, such as blindly opening ports from the internet and that if anyone that gets onto their internal network inappropriately, they should not run this software. Please feel free to fork this project and remove what you do not want until it can be added as a feature. Also, even if these features are added, this is still a risk as the Hue API is already inherently risky. |
A decade ago I did information security as a good chunk of my job, and
although I should have seen the risk right away (open root access) I
didn't. If I didn't, some others won't. I think I subconsciously assumed
there was a password option I hadn't yet activated.
Perhaps a prominent disclaimer outlining the risks on the page and readme
are in order? Never allow access from the internet, never install on a
local network where there are people you don't absolutely trust, etc.
I was considering allowing access from 1 singular external IP, but won't
now (even if I get a better router).
I still appreciate the software and have donated, thanks for all your work,
Mike
…On Wed, Jan 25, 2017 at 8:52 AM BWS Systems ***@***.***> wrote:
@stefan73 <https://github.com/stefan73> This is an application that is
open to any one to use and configure. This type of application is
inherently risky in security due to it's implementation. This also, allows
some flexibility on how it operates. If people do not want to understand
the risks, such as blindly opening ports from the internet and that if
anyone that gets onto their internal network inappropriately, they should
not run this software. Please feel free to fork this project and remove
what you do not want until it can be added as a feature. Also, even if
these features are added, this is still a risk as the Hue API is already
inherently risky.
@pr3sidentspence <https://github.com/pr3sidentspence> Yes, you should
never open this up to the internet. Even if you have a better router....
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#390 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AArbCaSAUY8y9v3jFbhi1LTBv22mP7Utks5rV2G4gaJpZM4LtCOM>
.
|
@pr3sidentspence Your idea of sequestering scripts or programs to a specific directory is what I will probably implement. So as long as a user doesn't give up the system in a script or a link to a program to run, it will be mitigated somewhat. |
The directory idea is great & simple. The solution though needs to make sure that oen can only call scripts/programs with parameters and not a chain of commands. |
This will be implemented with the security update. |
This could also be accomplished by:
Viola, secured access to ha-bridge web interface. |
There will be multiple levels integrated. i.e. Secure just the user config portion, secure the api portion and also, secure only to registered user via "link button" ala hue. And there is some mix and match. |
habridge allows to execute scripts and programs on the hosting system. These scripts/programs are executed with root permissions. habridge also allows to add and test new configurations without any authentication to the system. i.e. habridge is a great tool but on the other hand exposes root to any user on the net. I guess there should be a password protection to the habridge configuration.
The text was updated successfully, but these errors were encountered: