After getting feedback on stackernews, addressed the following security concerns in the latest pull request
Updates installer to resolve the issues raised in #11
Addressed the following:
- Shell injection vulnerability
  - `os.system()` calls have been replaced by `subprocess.run()` and checks the output before proceeding with the script
  - Reads through list of arguments
  - Environmental variables are loaded from `.env` file, overwriting any existing env var
- Insecure file permissions
  - Only file permission that is changed is the `.env` file to limit access (600)
  - Otherwise access is granted to file through an ACL by adding `relay_service` group read permissions
- Sensitive data exposure
  - No longer echo `script_user` in setup script
  - No longer need to learn the script user, took a different approach to granting file access
- Arbitrary File Deletion
  - Just use simple `rm` to delete the existing `default` NGINX config
- Unchecked return values
  - All `subprocess.run()` calls check return values
  - If not explicitly checked, nested within `try`/`except` blocks
- Insecure Temporary File
  - Better error handling for checking if file exists before overwriting
Enhancements
- Added encryption to `.env` file when at rest
  - Gathers user supplied password, uses key stretching with a `Fernet` key to encrypt file
  - Programmatically re-encrypts `.env` file after starting docker compose stack
  - Includes main menu option to `decrypt`/`encrypt` `.env` file for editing
Bug fixes
- Mounts Postgres data to host file system for persistent storage
- Was left previously unmounted for testing purposes
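The three installer changes described in this PR (argument-list `subprocess.run()` with return-code checks, a `.env` file restricted to mode 600, and a user password stretched into a Fernet key for encryption at rest) shown together as an added Python example; this is not the project's code and the function names (`run_checked`, `write_private_file`, `derive_fernet_key`, `encrypt_env`, `decrypt_env`, `load_env_file`), the sample `.env` contents and the sample password are assumptions for the illustration. The PR does not say which key-stretching function it uses, so PBKDF2-HMAC-SHA256 from the standard library is assumed here; the Fernet round-trip needs the third-party `cryptography` package, and the rest runs on the standard library alone.

```python
"""Hardened installer helpers (added example, not the project's own code)."""
import base64
import hashlib
import os
import stat
import subprocess
import sys
import tempfile

try:  # Fernet comes from the third-party `cryptography` package (assumed installed)
    from cryptography.fernet import Fernet, InvalidToken
except ImportError:  # the stdlib parts of the example still work without it
    Fernet = None
    InvalidToken = Exception

SALT_LEN = 16


def run_checked(argv):
    """Run a command as an argv list, never through a shell.

    os.system("docker compose -f " + path) would let a path such as
    "x; rm -rf /" run a second command. With a list each element reaches
    the program as exactly one argument, and check=True raises
    CalledProcessError on a non-zero exit so a failure cannot be ignored.
    """
    result = subprocess.run(argv, check=True, capture_output=True, text=True)
    return result.stdout


def echo_argument_literally(arg):
    """Show that shell metacharacters in `arg` stay one literal argument."""
    out = run_checked([sys.executable, "-c", "import sys; print(sys.argv[1])", arg])
    return out.rstrip("\n")


def write_private_file(path, data):
    """Create or overwrite `path` so that only the owner can read/write it.

    Passing 0o600 to os.open avoids the window in which a file created under
    the default umask is group/world readable before a later chmod runs.
    Returns the resulting permission bits (0o600 == 384).
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # also tighten a pre-existing file with looser bits
    return stat.S_IMODE(os.stat(path).st_mode)


def private_file_mode_demo():
    """Write a constructed .env into a temp dir and report its mode bits."""
    with tempfile.TemporaryDirectory() as d:
        return write_private_file(os.path.join(d, ".env"), b"DB_PASSWORD=s3cret\n")


def derive_fernet_key(password, salt, iterations=600_000):
    """Stretch a user-supplied password into a Fernet key (PBKDF2-HMAC-SHA256, assumed KDF).

    Fernet expects 32 bytes, urlsafe-base64 encoded. The salt is not secret
    and is stored beside the ciphertext so the key can be re-derived later.
    """
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return base64.urlsafe_b64encode(raw)


def encrypt_env(plaintext, password, iterations=600_000):
    """Return salt || Fernet token for the .env contents."""
    salt = os.urandom(SALT_LEN)
    token = Fernet(derive_fernet_key(password, salt, iterations)).encrypt(plaintext)
    return salt + token


def decrypt_env(blob, password, iterations=600_000):
    """Inverse of encrypt_env; returns None for a wrong password or a tampered blob."""
    salt, token = blob[:SALT_LEN], blob[SALT_LEN:]
    try:
        return Fernet(derive_fernet_key(password, salt, iterations)).decrypt(token)
    except InvalidToken:
        return None


def load_env_file(text):
    """Parse KEY=VALUE lines into a dict, the step before exporting them."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


if __name__ == "__main__":
    print(echo_argument_literally("x; echo pwned"))   # the string is printed, not executed
    print(oct(private_file_mode_demo()))              # 0o600
    if Fernet:
        blob = encrypt_env(b"DB_PASSWORD=s3cret\n", "correct horse")
        print(load_env_file(decrypt_env(blob, "correct horse").decode()))
        print(decrypt_env(blob, "wrong password"))    # None
```

Two design points worth keeping when adapting this: the salt travels with the ciphertext because it only needs to be unpredictable, not secret, and a wrong password surfaces as `InvalidToken` (Fernet's authentication tag fails) rather than as garbage plaintext, which is what makes the decrypt/encrypt menu option safe to retry.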