Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(services/pam): Do not expose internal errors to client #420

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(services/pam): Do not expose internal errors to client #420

wants to merge 1 commit into from

Conversation

denisonbarbosa
Copy link
Member

@denisonbarbosa denisonbarbosa commented Jul 5, 2024
edited
Loading

This is to mimic the behavior of other PAM modules better. They show a generic error message to avoid leaking information that could help attackers.

UDENG-3420
UDENG-3419
UDENG-3412
UDENG-3418

@denisonbarbosa
Redact internal error messages to prevent leaks
3228f85 
This is to mimic a little better the behavior of other PAM modules. They
show a generic error message to avoid leaking information that could
potentially help attackers.
@denisonbarbosa denisonbarbosa marked this pull request as ready for review July 5, 2024 15:00
@denisonbarbosa denisonbarbosa requested a review from a team as a code owner July 5, 2024 15:00
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.61%. Comparing base (34e22c8) to head (3228f85).
Report is 6 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #420      +/-   ##
==========================================
+ Coverage   84.44%   84.61%   +0.17%     
==========================================
  Files          77       77              
  Lines        6713     6749      +36     
  Branches       75       75              
==========================================
+ Hits         5669     5711      +42     
+ Misses        732      728       -4     
+ Partials      312      310       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

3v1n0
3v1n0 reviewed Jul 8, 2024
View reviewed changes
internal/services/pam/pam.go
Comment on lines +358 to +364
func redactError(err *error) {
if *err == nil {
return
}
slog.Debug(fmt.Sprintf("%v", err))
*err = errGeneric
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, from my POV this is a bit too agrressive, since it's also changing the messages that the broker wants us to write with a generic "authentication failure".

While things such as invalid password 'really, it's not a goodpass!', should be 'goodpass' which are the broker auth messages should be exposed by the UI as they are.

Not sure what's the best way to filter them though. But ideally it's up to the broker not to send private details as Authentication message, while it may indeed provide more useful information for other kind of failures (for example on time out, or when something requires an user action).

Copy link
Member Author

@denisonbarbosa denisonbarbosa Jul 16, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree and disagree also. I agree that this is indeed aggressive, but that's what other PAM modules tend to do as well to avoid leaking anything that could potentially be used by an attacker.

Also, the whole point of authd is to be a layer between 3rd party brokers and the machine. It's our business logic to ensure that what we show the user is what can be shown. Expecting the brokers to respect and match what we do locally defeats part of the purpose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@3v1n0 3v1n0 3v1n0 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@denisonbarbosa @codecov-commenter @3v1n0