| Title | Perforce admin/superuser password is in clear in config.py |
| Status | suspended |
| Priority | optional |
| Assigned user | David Jones |
| Organization | Perforce |
| Description | The replicator's Perforce user's password is in clear in config.py (and so is the replicator's MySQL user's password, for the Bugzilla integration). This user must have at least 'admin' privileges in Perforce, so this is a security risk. |
| Analysis | This is Perforce job 5004. The replicator's Perforce user must have at least the 'admin' protection mode in Perforce, to enable it to change the jobspec. Before Perforce 2002.2, the replicator user had to be a Perforce superuser, so this security risk was more severe. We could re-architect the replicator so that it has two pieces: (1) a setup script that changes the Perforce jobspec and (2) a daemon that does the rest of the work. Piece (1) must be run by hand by the administrator; it requests that the administrator enter the Perforce user password. Piece (2) doesn't need to be any special Perforce user since it doesn't change the jobspec; it can run as an ordinary user. We could make the replicator take the password as a command-line argument. Then (under Unix) the password could be in a root-owned file (with permissions 0500), rather than a file which has to be readable by the P4DTI user. GDR 2001-05-04: We need to write about this in section 5.1 of the AG. We could say: (1) make sure that the config file is protected (could the replicator check this? possibly it could on Unix); (2) specify the IP address of the host in the protections table so that the replicator user can only connect from a particular host; (3) don't use a real superuser password for the replicator's password! NB 2003-09-26: We have modified the RPM install script so that config.py* is not world-readable. This does not help a .tar.gz install (e.g. Solaris) or on Windows. We have also updated the AG to say that the P4DTI directory should be protected. |
| How found | customer |
| Evidence | <http://info.ravenbrook.com/mail/2001/02/19/23-44-04/0.txt>This is Perforce job job005004. |
| Observed in | 0.4.2 |
| Created by | Gareth Rees |
| Created on | 2001-02-20 13:06:49 |
| Last modified by | Nick Barnes |
| Last modified on | 2018-07-05 17:27:31 |
| History | 2001-02-20 GDR Created. 2001-05-04 GDR Added analysis. 2001-08-07 NB Added note on permissions to analysis. 2003-08-12 NB Updated to reflect the Perforce admin protection mode. 2003-09-26 NB Updated to reflect change to RPM install script. 2018-07-05 NB Suspended because the P4DTI is obsolete. |
| Support | Advice for all releases. |
| Change | Effect | Date | User | Description |
|---|---|---|---|---|
| 58350 | open | 2003-09-26 16:46:17 | Nick Barnes | Add warning about permissions on P4DTI directory. |
| 58345 | open | 2003-09-26 16:11:44 | Nick Barnes | Conceal passwords in config.py* |