CONFSERVER-53085

Move sensitive information out of Synchrony JVM arguments

Details

    Description

      Issue

      Running Synchrony as a stand-alone service for data center instances exposes sensitive information such as the database username/password, and public/private keys. These are all passed as JVM arguments. This means anyone with command-line access to the server can see this information via a ps command.  

      To Reproduce

      1. Set up Synchrony as a stand-alone service
      2. Start Synchrony
      3. Run ps -ef | grep synchrony
      4. Results:
      synchro+  1707     1 89 18:19 ?        00:00:08 java -Xms2048k -Xmx1024m -classpath /opt/atlassian/synchrony/synchrony-standalone.jar:/opt/atlassian/synchrony/postgresql-42.1.1.jar -Dsynchrony.cluster.impl=hazelcast-btf -Dsynchrony.port=8091 -Dcluster.listen.port=5701 -Dsynchrony.cluster.base.port=25500 -Dcluster.join.type=tcpip -Dcluster.join.tcpip.members=192.168.56.1 -Dsynchrony.context.path=/synchrony -Dsynchrony.cluster.bind=192.168.56.102 -Dsynchrony.bind=192.168.56.102 -Dcluster.interfaces=192.168.56.102 -Dsynchrony.service.url=http://192.168.56.102:8091/synchrony -Dreza.service.url=http://192.168.56.102:8091/synchrony -Djwt.private.key=<PRIVATE_KEY_HERE> -Djwt.public.key=<PUBLIC_KEY_HERE> Dsynchrony.database.url=jdbc:postgresql://10.0.2.2:5432/confluence631 -Dsynchrony.database.username=<DATABASE_USERNAME_HERE> -Dsynchrony.database.password=<DATABASE_PASSWORD_HERE> -Djava.net.preferIPv4Stack=true -Dip.whitelist=192.168.56.1,localhost synchrony.core sql
      jason     1728  1674  0 18:19 pts/0    00:00:00 grep --color=auto synchrony

      Suggestion

      Make Synchrony read this information from a file that can be locked to only be readable by the user running Synchrony.  This could be a copy of confluence.cfg.xml or a new file.

      Workaround

      Prevent unnecessary users from having shell access to the box on which Synchrony is running, i.e. deny logon by disabling or removing unneeded users from the Synchrony system. Also, on Linux systems running a kernel version newer than 3.3, you can mount /proc with hidepid=1 or 2. More information on doing this can be found at https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ .
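
An audit check for the exposure described in this issue, added here as an example and not part of the original report or of Synchrony: it lists the names (never the values) of sensitive-looking -D properties visible in process arguments, so it can confirm both the problem and the effect of the hidepid workaround. The name patterns, function names and sample line are assumptions constructed for this example.

```python
import os
import re
import shlex

# Name fragments treated as sensitive (an assumption of this example, chosen
# to cover the properties named in the issue).
SENSITIVE = re.compile(r"password|username|secret|token|\.key$", re.IGNORECASE)

# Constructed sample modelled on the ps output above; values are placeholders.
SAMPLE_PS_ARGS = (
    "java -Xmx1024m -Dsynchrony.port=8091 -Djwt.private.key=EXAMPLE_PRIV "
    "-Djwt.public.key=EXAMPLE_PUB -Dsynchrony.database.username=example_user "
    "-Dsynchrony.database.password=example_pass synchrony.core sql"
)

def audit_argv(argv):
    """Return names (never values) of -D properties that look sensitive."""
    hits = []
    for arg in argv:
        if arg.startswith("-D") and "=" in arg:
            name, value = arg[2:].split("=", 1)
            if value and SENSITIVE.search(name):
                hits.append(name)
    return hits

def audit_ps_args(line):
    """Audit the argument column of one ps line."""
    return audit_argv(shlex.split(line))

def scan_proc(proc="/proc"):
    """Audit every process whose cmdline the caller can read.

    With /proc mounted hidepid=1 or 2, reads for other users' processes fail
    (or the PIDs are not listed), so an unprivileged run reports only its own.
    """
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                argv = [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
        except OSError:  # process exited, or access denied by hidepid
            continue
        hits = audit_argv(argv)
        if hits:
            found[int(pid)] = hits
    return found

if __name__ == "__main__":
    print(audit_ps_args(SAMPLE_PS_ARGS))
    for pid, names in sorted(scan_proc().items()):
        print(pid, ", ".join(names))
```

Run it as an unprivileged user before and after remounting /proc: findings for the Synchrony PID should disappear once hidepid is in effect.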

            People

              dluong Duy Truong Luong
              jbentrup Jason B
              Votes: 6
              Watchers: 12
