Closed Bug 1120955 Opened 11 years ago Closed 10 years ago

[mig agent] pipe module parameters

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: jvehent, Assigned: jvehent)

References

Details

Julien Vehent

Assignee

Description

•

11 years ago

Upon processing of a command, mig-agent invokes a module by executing it and passing parameters on the command line. This approach, while straighforward to implement, is showing limitations: - sensitive parameters, like searches for secrets in files, are visible in the process table and captured and logged by auditd - the maximum parameter size is limited by the max length of command line arguments, which is problematic for operations that have a large number of parameters A better approach would be to pipe module parameters and module results between the agent and the module. This could be done using any flavor of socket.

Julien Vehent

Assignee

Updated

•

10 years ago

Depends on: 1130749

Julien Vehent

Assignee

Comment 1

•

10 years ago

Fixed in https://github.com/mozilla/mig/pull/51

Status: NEW → RESOLVED

Closed: 10 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

10 years ago

Component: Operations Security (OpSec): MIG → MIG

Product: mozilla.org → Enterprise Information Security

BMO Automation

Updated

•

5 years ago

Product: Enterprise Information Security → Enterprise Information Security Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[mig agent] pipe module parameters

Categories

(Enterprise Information Security Graveyard :: MIG, task)

Tracking

(Not tracked)

People

(Reporter: jvehent, Assigned: jvehent)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated

Updated