PIO Home server security model #3397

Closed
1 task done
FedericoCeratto opened this issue Mar 1, 2020 · 5 comments

FedericoCeratto commented Mar 1, 2020

  • PlatformIO Core

Configuration

Operating system: any

PlatformIO Version: any

Description of problem

Initially described in: https://community.platformio.org/t/pio-home-security-issue/12196

When platformio home is run by a user, PIO has unlimited access to the user's home directory.

PIO home on http://127.0.0.1:8008 exposes the home contents:

  • to any other local user
  • to any (potentially malicious) website that can connect to localhost (e.g. using JavaScript and WebSockets)
  • to any (potentially malicious) PIO library

Suggested mitigations

On Linux the process can be sandboxed by one of:

  • Ship a firejail profile and start platformio under firejail
  • Run platformio as a system process using systemd sandboxing capabilities
  • Implement native sandboxing

The sandboxing is meant to limit which paths the process (and its children) can read and write from.

EDIT: I'm happy to contribute the systemd sandboxing if needed.
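The second mitigation in the list above, running PIO Home as a system service under systemd sandboxing, could look like the following unit. This is an added example and not a unit shipped by PlatformIO or contributed in this issue; the service account `pio`, the project directory `/srv/pio-projects`, the install path of the `platformio` binary, the use of `PLATFORMIO_CORE_DIR` to relocate the package cache, and the serial device groups listed under `DeviceAllow=` are all assumptions that must be adapted to the installation.

```ini
# /etc/systemd/system/pio-home.service  (assumed path; example unit, not PlatformIO's own)
[Unit]
Description=PlatformIO Home server confined with systemd sandboxing
After=network-online.target

[Service]
# Assumed dedicated account; it must not be the developer's own login user,
# otherwise the service could still read that user's files through uid checks.
User=pio
Group=pio
# Assumed: membership in dialout is what grants access to USB serial adapters here.
SupplementaryGroups=dialout
# Assumed binary location; add --port/--host options as the deployment needs.
ExecStart=/usr/bin/platformio home
Restart=on-failure

# Filesystem confinement: the real /home is replaced by an empty tmpfs, so the
# server and every toolchain, script or library it spawns cannot read user data.
ProtectHome=tmpfs
# Everything else is read-only except the directories listed below.
ProtectSystem=strict
# Package cache and state live outside any home directory (assumed relocation).
StateDirectory=platformio
CacheDirectory=platformio
Environment=PLATFORMIO_CORE_DIR=/var/lib/platformio
# The only writable project location (assumed path).
ReadWritePaths=/srv/pio-projects
PrivateTmp=yes
UMask=0077

# Privilege and kernel surface reduction for the process tree.
NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictNamespaces=yes
RestrictRealtime=yes
LockPersonality=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallArchitectures=native
SystemCallFilter=@system-service

# Device access: close all device nodes, then re-open only serial adapters so
# uploads still work. Group names are assumed; check /proc/devices on the host.
DevicePolicy=closed
DeviceAllow=char-ttyUSB rw
DeviceAllow=char-ttyACM rw

[Install]
WantedBy=multi-user.target
```

After installing the unit, `systemctl daemon-reload` and `systemctl enable --now pio-home.service` start it, and `systemd-analyze security pio-home.service` reports which sandboxing directives are in effect and which remain open. The key property for this issue is that a compromised or untrusted build step inside the service sees an empty `/home`, regardless of whether the HTTP endpoint requires a token.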

@ivankravets ivankravets added this to the Backlog milestone Mar 13, 2020
@ivankravets ivankravets changed the title PIO home security model PIO Home server security model Mar 13, 2020
@ivankravets ivankravets modified the milestones: Backlog, 4.4.0 May 5, 2020
@ivankravets (Member)

Thanks for the report. We will generate a secure token on a server side and use it for clients.

@ivankravets ivankravets modified the milestones: 4.4.0, Backlog May 20, 2020
@ivankravets ivankravets modified the milestones: Backlog, 5.0.5 Jan 16, 2021
@ivankravets ivankravets self-assigned this Jan 22, 2021
@FedericoCeratto (Author)

@ivankravets the token provides a basic form of authentication/authorization but cannot provide any protection to the user's home directory from a platformio instance that is running untrusted code or has been otherwise compromised.
Can you please reopen the bug report? Thanks.

@ivankravets (Member)

> but cannot provide any protection to the user's home directory from a platformio instance

Have you tried the latest development version? The upcoming PlatformIO IDE 2.1 will use a unique session ID for each session. So, you will not be able to connect to the existing session.

@FedericoCeratto (Author)

Yes, hence my answer. The unique session ID provides only authentication/authorization and is beside the point of sandboxing. PlatformIO downloads and executes a lot of code and tools and communicates with many devices, leading to a large attack surface.

@ivankravets (Member)

So, this is a different story. In this case, you can use Docker or similar virtualization platforms and connect your hardware to them.

We agree that we had a security issue with PIO Home, but it is now resolved.
