P4DTI issue job000220

TitlePerforce admin/superuser password is in clear in config.py
Statussuspended
Priorityoptional
Assigned userDavid Jones
OrganizationPerforce
DescriptionThe replicator's Perforce user's password is in clear in config.py (and so is the replicator's MySQL user's password, for the Bugzilla integration). This user must have at least 'admin' privileges in Perforce, so this is a security risk.
AnalysisThis is Perforce job 5004. The replicator's Perforce user must have at least the 'admin' protection mode in Perforce, to enable it to change the jobspec. Before Perforce 2002.2, the replicator user had to be a Perforce superuser, so this security risk was more severe.
We could re-architect the replicator so that it has two pieces: (1) a setup script that changes the Perforce jobspec and (2) a daemon that does the rest of the work. Piece (1) must be run by hand by the administrator; it requests that the administrator enter the Perforce user password. Piece (2) doesn't need to be any special Perforce user since it doesn't change the jobspec; it can run as an ordinary user.
We could make the replicator take the password as a command-line argument. Then (under Unix) the password could be in a root-owned file (with permissions 0500), rather than a file which has to be readable by the P4DTI user.
GDR 2001-05-04: We need to write about this in section 5.1 of the AG. We could say: (1) make sure that the config file is protected (could the replicator check this? possibly it could on Unix); (2) specify the IP address of the host in the protections table so that the replicator user can only connect from a particular host; (3) don't use a real superuser password for the replicator's password!
NB 2003-09-26: We have modified the RPM install script so that config.py* is not world-readable. This does not help a .tar.gz install (e.g. Solaris) or on Windows. We have also updated the AG to say that the P4DTI directory should be protected.
How foundcustomer
Evidence<http://info.ravenbrook.com/mail/2001/02/19/23-44-04/0.txt>
This is Perforce job job005004.
Observed in0.4.2
Created byGareth Rees
Created on2001-02-20 13:06:49
Last modified byNick Barnes
Last modified on2018-07-05 17:27:31
History2001-02-20 GDR Created.
2001-05-04 GDR Added analysis.
2001-08-07 NB Added note on permissions to analysis.
2003-08-12 NB Updated to reflect the Perforce admin protection mode.
2003-09-26 NB Updated to reflect change to RPM install script.
       2018-07-05 NB Suspended because the P4DTI is obsolete.
Support

Advice for all releases.

Fixes

Change Effect Date User Description
58350 open 2003-09-26 16:46:17 Nick Barnes Add warning about permissions on P4DTI directory.
58345 open 2003-09-26 16:11:44 Nick Barnes Conceal passwords in config.py*