docker-worker: Providing credentials to docker-worker proxies via env vars is dangerous

RESOLVED FIXED

Status

Taskcluster
Worker
3 years ago
5 months ago

People

(Reporter: dustin, Unassigned)

Tracking

Details

(Whiteboard: [docker-worker])

https://docs.docker.com/userguide/dockerlinks/

> Warning: It is important to understand that all environment variables 
> originating from Docker within a container are made available to any container 
> that links to it. This could have serious security implications if sensitive 
> data is stored in them.

Yet taskcluster-proxy will accept credentials via env:

  https://github.com/taskcluster/taskcluster-proxy/blob/master/main.go#L58

taskcluster-vpn-proxy takes vpn configuration in a directory:

  https://github.com/taskcluster/taskcluster-vpn-proxy/blob/master/Dockerfile#L17

but takes other config via env var.  Testdroid-proxy seems to do the right thing (command-line only).

At the least, taskcluster-proxy should not accept credentials via env var.  Ideally, no proxy should accept any configuration that way.
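
The exposure the Docker warning describes, as an added example that is not part of the original report or of any proxy's code: it models the `<ALIAS>_ENV_<NAME>` naming that legacy Docker links use to copy the source container's environment into the linking container, then flags credential-like names. The variable names, the alias and the hint list are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// secretHints mark a variable name as credential-like (assumed list).
var secretHints = []string{"TOKEN", "SECRET", "PASSWORD", "ACCESS_KEY", "CERTIFICATE"}

// linkPrefix builds the prefix a linking container sees for a link alias.
func linkPrefix(alias string) string {
	return strings.ReplaceAll(strings.ToUpper(alias), "-", "_") + "_ENV_"
}

// linkEnv models what the linking container receives from the source
// container's environment: NAME=value becomes <ALIAS>_ENV_NAME=value.
func linkEnv(alias string, sourceEnv []string) map[string]string {
	out := make(map[string]string)
	for _, kv := range sourceEnv {
		name, val, ok := strings.Cut(kv, "=")
		if !ok {
			continue // not KEY=VALUE, nothing to propagate
		}
		out[linkPrefix(alias)+name] = val
	}
	return out
}

// exposedSecrets lists, sorted, the credential-like names visible to the linker.
func exposedSecrets(alias string, sourceEnv []string) []string {
	var hits []string
	for name := range linkEnv(alias, sourceEnv) {
		orig := strings.ToUpper(strings.TrimPrefix(name, linkPrefix(alias)))
		for _, h := range secretHints {
			if strings.Contains(orig, h) {
				hits = append(hits, name)
				break
			}
		}
	}
	sort.Strings(hits)
	return hits
}

func main() {
	// Constructed sample: a proxy started with credentials in env vars.
	env := []string{"PROXY_CLIENT_ID=example-client", "PROXY_ACCESS_TOKEN=example-token", "PORT=8080"}
	fmt.Println(exposedSecrets("taskcluster", env))
}
```

Feeding it the `Config.Env` list from `docker inspect` for each link source gives a quick audit of what a task container can read.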
Summary: Providing credentials to docker-worker proxies is dangerous → Providing credentials to docker-worker proxies via env vars is dangerous
Summary: Providing credentials to docker-worker proxies via env vars is dangerous → docker-worker: Providing credentials to docker-worker proxies via env vars is dangerous
Component: TaskCluster → Docker-Worker
Product: Testing → Taskcluster
Whiteboard: [relsec]
Whiteboard: [relsec] → [docker-worker]
Component: Docker-Worker → Worker
I think this was fixed...
Status: NEW → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → FIXED