Feature #15981

Define security policy for access that gives arbitrary code execution on the Tails infrastructure

Added by intrigeri 2018-09-26 12:35:05 . Updated 2019-01-24 16:55:34 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Continuous Integration
Target version:
Start date:
2018-09-26
Due date:
% Done:

100%

Feature Branch:
Type of work:
Communicate
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

We have no security policy defined for access to the Jenkins web UI and for sending branches to Jenkins. Do we need one? If yes, what shall it be?


Subtasks


Related issues

Related to Tails - Feature #15798: Jenkins access for new FT members Resolved 2018-09-26
Blocks Tails - Feature #13284: Core work: Sysadmin (Adapt our infrastructure) Confirmed 2017-06-30

History

#1 Updated by intrigeri 2018-09-26 12:39:26

  • Status changed from Confirmed to In Progress
  • Assignee changed from intrigeri to groente
  • % Done changed from 0 to 30
  • QA Check set to Ready for QA

For Feature #15798 I’ve analyzed potential consequences of the attacker taking control over Jenkins or one of its worker VMs. And then I did some work to make lateral movement harder for such an attacker. IMO the result is good enough to give FT members access to Jenkins without any specific security policy.

#2 Updated by intrigeri 2018-09-26 13:15:03

  • Subject changed from Define security policy for access to Jenkins to Define security policy for access that give arbitrary code exec on a lizard VM
  • Assignee changed from groente to intrigeri
  • QA Check changed from Ready for QA to Dev Needed

Actually, some service admins already have SSH access to a lizard VM => let’s generalize this ticket.

#3 Updated by intrigeri 2018-09-26 13:35:01

  • blocks Feature #13284: Core work: Sysadmin (Adapt our infrastructure) added

#4 Updated by intrigeri 2018-09-26 15:38:27

  • Subject changed from Define security policy for access that give arbitrary code exec on a lizard VM to Define security policy for access that give arbitrary code execution on the Tails infrastructure

#5 Updated by intrigeri 2018-09-26 15:38:42

  • Subject changed from Define security policy for access that give arbitrary code execution on the Tails infrastructure to Define security policy for access that gives arbitrary code execution on the Tails infrastructure

#6 Updated by intrigeri 2018-09-26 15:50:43

  • % Done changed from 30 to 50
  • QA Check deleted (Dev Needed)

We’ve designed (thanks groente!) and drafted a security policy in sysadmin.git. I’ll now send it to everyone who already has such access and we’ll see what comes out from it. If those who are waiting in line for Jenkins access satisfy that policy, I’ll give them access.

#8 Updated by intrigeri 2018-09-26 16:10:17

  • Type of work changed from Sysadmin to Communicate

#9 Updated by intrigeri 2018-10-10 21:58:25

  • Target version changed from Tails_3.10.1 to Tails_3.11

2 weeks later, I’ve pinged everyone who did not reply yet. I’ll come back to it in ~2 more weeks.

#10 Updated by intrigeri 2018-11-17 16:58:40

  • Assignee changed from intrigeri to groente
  • QA Check set to Info Needed

I’ve pinged people twice already. I don’t want to nag people endlessly and a security policy is only useful if we enforce it consistently so I would like to set a deadline.

Here’s a proposal for one last email ping to the people who never answered:

Hi!

Here's one third and last ping.

Worst case, we'll disable any access that's in scope for this security policy
3 months after the initial announcement, i.e. not before December 26.

But we certainly hope we won't have to do that! If you take a few minutes
today to check your compliance with this security policy, it'll save
everyone involved quite some time :)

I’ll also make the same deadline clear to those who did answer but have not achieved compliance yet.

#11 Updated by groente 2018-11-17 20:16:36

  • Assignee changed from groente to intrigeri
  • QA Check deleted (Info Needed)

christmas presents from the bofh, i like it :)

jokes aside, that sounds completely reasonable, go for it!

#12 Updated by intrigeri 2018-11-17 21:03:46

> christmas presents from the bofh, i like it :)

ah ah :)

Now, if we indeed have to cut access to people in the end, the work needed to do so and possibly dealing with negative feedback might be a rather poisoned kind of gift, but well.

> jokes aside, that sounds completely reasonable, go for it!

OK!

#13 Updated by intrigeri 2018-11-19 10:00:53

  • Target version changed from Tails_3.11 to Tails_3.12

intrigeri wrote:
> Here’s a proposal for one last email ping to the people who never answered:
>
> […]
>
> I’ll also make the same deadline clear to those who did answer but have not achieved compliance yet.

Done both. I’ll come back to it after the deadline.

#14 Updated by intrigeri 2018-11-20 16:55:19

Remaining: emmapeel, spriver.

#15 Updated by intrigeri 2018-11-20 17:03:10

#16 Updated by intrigeri 2018-11-20 17:03:15

#17 Updated by intrigeri 2019-01-21 17:52:10

spriver reported on Dec 7 that she complies.

Remaining: emmapeel.

#19 Updated by intrigeri 2019-01-24 16:55:34

  • Status changed from In Progress to Resolved
  • Assignee deleted (intrigeri)
  • % Done changed from 50 to 100

Woohoo, everyone now complies \o/