This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new b3f2467 [webserver] tag a few flags as sensitive
b3f2467 is described below
commit b3f2467eb66c6ce840453f82c8c376f3ef94372d
Author: Alexey Serbin <[email protected]>
AuthorDate: Mon Jul 12 11:37:52 2021 -0700
[webserver] tag a few flags as sensitive
This patch marks a few flags of the embedded webserver as 'sensitive',
forcing the redaction of their values while logging those in the logfile
or showing them in the UI served by the embedded webserver. Yes, that's
rather "security by obscurity" practice, but it could help in preventing
unintentional leaks in the absence of proper FS access restrictions
and in avoiding false-positives reported by various automated security
scanners.
* --webserver_private_key_file
this file may contain a private key in non-encrypted form
* --webserver_private_key_password_cmd
the value of this flag may contain a password for the private key
file in a plain form or other sensitive info provided as arguments
for the command
* --webserver_password_file
this file contains user names and encrypted/hashed passwords
Change-Id: I187c6e8118a3e118299da1e3f7321f48c5eb9e05
Reviewed-on: http://gerrit.cloudera.org:8080/17679
Reviewed-by: Andrew Wong <[email protected]>
Tested-by: Kudu Jenkins
---
src/kudu/server/webserver_options.cc | 83 ++++++++++++++++++++----------------
1 file changed, 47 insertions(+), 36 deletions(-)
diff --git a/src/kudu/server/webserver_options.cc
b/src/kudu/server/webserver_options.cc
index 33237ab..880c457 100644
--- a/src/kudu/server/webserver_options.cc
+++ b/src/kudu/server/webserver_options.cc
@@ -43,7 +43,8 @@ static std::string GetDefaultDocumentRoot();
// This makes it easier to instantiate web servers with different options
// within a single unit test.
DEFINE_string(webserver_interface, "",
- "Interface to start debug webserver on. If blank, webserver binds to
0.0.0.0");
+ "Interface to start the embedded webserver on. If blank, the webserver "
+ "binds to 0.0.0.0");
TAG_FLAG(webserver_interface, advanced);
DEFINE_string(webserver_advertised_addresses, "",
@@ -56,44 +57,54 @@ DEFINE_string(webserver_advertised_addresses, "",
TAG_FLAG(webserver_advertised_addresses, advanced);
DEFINE_string(webserver_doc_root, kudu::GetDefaultDocumentRoot(),
- "Files under <webserver_doc_root> are accessible via the debug webserver. "
- "Defaults to $KUDU_HOME/www, or if $KUDU_HOME is not set, disables the
document "
- "root");
+ "Files under <webserver_doc_root> are accessible via the embedded "
+ "webserver. Defaults to $KUDU_HOME/www, or if $KUDU_HOME is not set, "
+ "disables the document root");
TAG_FLAG(webserver_doc_root, advanced);
DEFINE_bool(webserver_enable_doc_root, true,
"If true, webserver may serve static files from the webserver_doc_root");
TAG_FLAG(webserver_enable_doc_root, advanced);
-// SSL configuration.
+// TLS/SSL configuration.
DEFINE_string(webserver_certificate_file, "",
- "The location of the debug webserver's SSL certificate file, in PEM
format. If "
- "empty, webserver SSL support is not enabled. If
--webserver_private_key_file "
- "is set, this option must be set as well.");
-DEFINE_string(webserver_private_key_file, "", "The full path to the private
key used as a"
- " counterpart to the public key contained in --webserver_certificate_file.
If "
- "--webserver_certificate_file is set, this option must be set as well.");
-DEFINE_string(webserver_private_key_password_cmd, "", "A Unix command whose
output "
- "returns the password used to decrypt the Webserver's certificate private
key file "
- "specified in --webserver_private_key_file. If the PEM key file is not "
- "password-protected, this flag does not need to be set. Trailing
whitespace will be trimmed "
- "before it is used to decrypt the private key");
+ "The location of the embedded webserver's TLS/SSL certificate file, in PEM
"
+ "format. If empty, webserver TLS/SSL support is not enabled. "
+ "If --webserver_private_key_file is set, this option must be set as
well.");
TAG_FLAG(webserver_certificate_file, stable);
+
+DEFINE_string(webserver_private_key_file, "",
+ "The full path to the private key used as a counterpart to the public key "
+ "contained in --webserver_certificate_file. This flag must be set if "
+ "the --webserver_certificate_file flag is set.");
+TAG_FLAG(webserver_private_key_file, sensitive);
TAG_FLAG(webserver_private_key_file, stable);
+
+DEFINE_string(webserver_private_key_password_cmd, "",
+ "A Unix command whose output returns the password to decrypt the private "
+ "key of the webserver's certificate pointed to by the "
+ "--webserver_private_key_file flag. If the PEM key file is not "
+ "password-protected, this flag does not need to be set. Trailing "
+ "whitespace will be trimmed before it is used to decrypt the private key");
+TAG_FLAG(webserver_private_key_password_cmd, sensitive);
TAG_FLAG(webserver_private_key_password_cmd, stable);
DEFINE_string(webserver_authentication_domain, "",
- "Domain used for debug webserver authentication");
+ "Domain used for the authentication by the embedded webserver");
+
DEFINE_string(webserver_password_file, "",
- "(Optional) Location of .htpasswd file containing user names and hashed
passwords for"
- " debug webserver authentication");
+ "Location of .htpasswd file containing user names and hashed "
+ "passwords for the authentication performed by the embedded webserver "
+ "(NOTE: for better protection, consider configuring SPNEGO using the "
+ "--webserver_require_spnego flag)");
+TAG_FLAG(webserver_password_file, sensitive);
DEFINE_int32(webserver_num_worker_threads, 50,
- "Maximum number of threads to start for handling web server
requests");
+ "Maximum number of threads to start for handling webserver
requests");
TAG_FLAG(webserver_num_worker_threads, advanced);
DEFINE_int32(webserver_port, 0,
- "Port to bind to for the web server");
+ "Port to bind to for the webserver");
TAG_FLAG(webserver_port, stable);
DEFINE_string(webserver_tls_ciphers,
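Review bot: The `sensitive` tag added to `webserver_private_key_password_cmd` redacts the value only in the logfile and the web UI, as the commit message states, and the new help text does not tell operators about that limit. A password written literally into the command is presumably still readable from the server's process arguments when the flag is passed on the command line. I would append a sentence to the help string, for example `"Avoid placing the password itself in the command; have the command read it from a store with restricted access."`. The help for `webserver_private_key_file` could likewise say that the key file should be readable only by the account running the server, since redacting the path does not protect the file's contents. Separately, `webserver_password_file` receives `sensitive` but, unlike the two key flags, no `stable` or `advanced` tag, which is worth settling in the same change.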
@@ -110,7 +121,7 @@ DEFINE_string(webserver_tls_min_protocol,
kudu::security::SecurityDefaults::kDef
TAG_FLAG(webserver_tls_min_protocol, advanced);
DEFINE_bool(webserver_require_spnego, false,
- "Require connections to the web server to authenticate via
Kerberos "
+ "Require connections to the webserver to authenticate via Kerberos
"
"using SPNEGO.");
TAG_FLAG(webserver_require_spnego, stable);
@@ -144,20 +155,20 @@ static string GetDefaultDocumentRoot() {
}
WebserverOptions::WebserverOptions()
- : bind_interface(FLAGS_webserver_interface),
- webserver_advertised_addresses(FLAGS_webserver_advertised_addresses),
- port(FLAGS_webserver_port),
- doc_root(FLAGS_webserver_doc_root),
- enable_doc_root(FLAGS_webserver_enable_doc_root),
- certificate_file(FLAGS_webserver_certificate_file),
- private_key_file(FLAGS_webserver_private_key_file),
- private_key_password_cmd(FLAGS_webserver_private_key_password_cmd),
- authentication_domain(FLAGS_webserver_authentication_domain),
- password_file(FLAGS_webserver_password_file),
- tls_ciphers(FLAGS_webserver_tls_ciphers),
- tls_min_protocol(FLAGS_webserver_tls_min_protocol),
- num_worker_threads(FLAGS_webserver_num_worker_threads),
- require_spnego(FLAGS_webserver_require_spnego) {
+ : bind_interface(FLAGS_webserver_interface),
+ webserver_advertised_addresses(FLAGS_webserver_advertised_addresses),
+ port(FLAGS_webserver_port),
+ doc_root(FLAGS_webserver_doc_root),
+ enable_doc_root(FLAGS_webserver_enable_doc_root),
+ certificate_file(FLAGS_webserver_certificate_file),
+ private_key_file(FLAGS_webserver_private_key_file),
+ private_key_password_cmd(FLAGS_webserver_private_key_password_cmd),
+ authentication_domain(FLAGS_webserver_authentication_domain),
+ password_file(FLAGS_webserver_password_file),
+ tls_ciphers(FLAGS_webserver_tls_ciphers),
+ tls_min_protocol(FLAGS_webserver_tls_min_protocol),
+ num_worker_threads(FLAGS_webserver_num_worker_threads),
+ require_spnego(FLAGS_webserver_require_spnego) {
}
} // namespace kudu