Merge pull request #57090 from dwoz/bugs_n_stuff

Address Issues in CVE Release
2025-04-17 10:10:20 +00:00 · 2020-05-05 15:09:25 -07:00 · 2020-05-05 15:09:25 -07:00 · 8fe0f66f94
commit 8fe0f66f94
parent 72df4dd403 f3e8590bac
7 changed files with 132 additions and 4 deletions
--- a/doc/topics/hardening.rst
+++ b/doc/topics/hardening.rst
@ -22,7 +22,8 @@ General hardening tips
 - Don't expose the Salt master any more than what is required.
 - Harden the system as you would with any high-priority target.
 - Keep the system patched and up-to-date.
- Use tight firewall rules.
+- Use tight firewall rules. Pay particular attention to TCP/4505 and TCP/4506
+  on the salt master and avoid exposing these ports unnecessarily.

 Salt hardening tips
 ===================
--- a/doc/topics/index.rst
+++ b/doc/topics/index.rst
@ -110,6 +110,12 @@ is hosted by Google Groups. It is open to new members.

 .. _`salt-users mailing list`: https://groups.google.com/forum/#!forum/salt-users

+Additionally, all users of Salt should be subscribed to the Announcements mailing
+list which contains important updates about Salt, such as new releaes and
+security-related announcements. This list is low-traffic.
+
+.. _`salt-announce mailing list`: https://groups.google.com/forum/#!forum/salt-announce
+

 IRC
 ===
@ -135,6 +141,11 @@ is happening in Salt development:

 |saltrepo|

+Long-term planning and strategic decisions are handled via Salt Enhancement Proposals
+and can be found on GitHub.
+
+.. _`Salt Enhancement Proposals`: https://github.com/saltstack/salt-enhancement-proposals
+

 Blogs
 =====
--- a/doc/topics/releases/2019.2.5.rst
+++ b/doc/topics/releases/2019.2.5.rst
@ -0,0 +1,5 @@
+===========================
+Salt 2019.2.5 Release Notes
+===========================
+
+Version 2019.2.5 is a bug-fix release for :ref:`2019.2.0 <release-2019-2-0>`.
--- a/salt/master.py
+++ b/salt/master.py
@ -1177,9 +1177,9 @@ class AESFuncs(TransportMethods):
        'verify_minion', '_master_tops', '_ext_nodes', '_master_opts',
        '_mine_get', '_mine', '_mine_delete', '_mine_flush', '_file_recv',
        '_pillar', '_minion_event', '_handle_minion_event', '_return',
-        '_syndic_return', '_minion_runner', 'pub_ret', 'minion_pub',
-        'minion_publish', 'revoke_auth', 'run_func', '_serve_file',
-        '_file_find', '_file_hash', '_file_find_and_stat', '_file_list',
+        '_syndic_return', 'minion_runner', 'pub_ret', 'minion_pub',
+        'minion_publish', 'revoke_auth', '_serve_file', '_file_find',
+        '_file_hash', '_file_hash_and_stat', '_file_list',
        '_file_list_emptydirs', '_dir_list', '_symlink_list', '_file_envs',
    )

--- a/salt/wheel/config.py
+++ b/salt/wheel/config.py
@ -12,6 +12,7 @@ import os
 import salt.config
 import salt.utils.files
 import salt.utils.yaml
+import salt.utils.verify

 # Import 3rd-party libs
 from salt.ext import six
--- a/tests/integration/master/test_clear_funcs.py
+++ b/tests/integration/master/test_clear_funcs.py
@ -176,6 +176,7 @@ class ClearFuncsConfigTest(TestCase):
        ret = clear_channel.send(msg, timeout=5)
        assert not os.path.exists(os.path.join(self.conf_dir, 'evil.conf')), \
            'Wrote file via directory traversal'
+        assert ret['data']['return'] == 'Invalid path'


 class ClearFuncsFileRoots(TestCase):
--- a/tests/unit/test_master.py
+++ b/tests/unit/test_master.py
@ -32,6 +32,115 @@ class TransportMethodsTest(TestCase):
        assert foo.get_method('bar') is not None
        assert foo.get_method('bang') is None

+    def test_aes_funcs_white(self):
+        '''
+        Validate methods exposed on AESFuncs exist and are callable
+        '''
+        opts = salt.config.master_config(None)
+        aes_funcs = salt.master.AESFuncs(opts)
+        for name in aes_funcs.expose_methods:
+            func = getattr(aes_funcs, name, None)
+            assert callable(func)
+
+    def test_aes_funcs_black(self):
+        '''
+        Validate methods on AESFuncs that should not be called remotely
+        '''
+        opts = salt.config.master_config(None)
+        aes_funcs = salt.master.AESFuncs(opts)
+        # Any callable that should not explicitly be allowed should be added
+        # here.
+        blacklist_methods = [
+            '_AESFuncs__setup_fileserver',
+            '_AESFuncs__verify_load',
+            '_AESFuncs__verify_minion',
+            '_AESFuncs__verify_minion_publish',
+            '__class__',
+            '__delattr__',
+            '__dir__',
+            '__eq__',
+            '__format__',
+            '__ge__',
+            '__getattribute__',
+            '__gt__',
+            '__hash__',
+            '__init__',
+            '__init_subclass__',
+            '__le__',
+            '__lt__',
+            '__ne__',
+            '__new__',
+            '__reduce__',
+            '__reduce_ex__',
+            '__repr__',
+            '__setattr__',
+            '__sizeof__',
+            '__str__',
+            '__subclasshook__',
+            'get_method',
+            'run_func',
+
+        ]
+        for name in dir(aes_funcs):
+            if name in aes_funcs.expose_methods:
+                continue
+            if not callable(getattr(aes_funcs, name)):
+                continue
+            assert name in blacklist_methods, name
+
+    def test_clear_funcs_white(self):
+        '''
+        Validate methods exposed on ClearFuncs exist and are callable
+        '''
+        opts = salt.config.master_config(None)
+        clear_funcs = salt.master.ClearFuncs(opts, {})
+        for name in clear_funcs.expose_methods:
+            func = getattr(clear_funcs, name, None)
+            assert callable(func)
+
+    def test_clear_funcs_black(self):
+        '''
+        Validate methods on ClearFuncs that should not be called remotely
+        '''
+        opts = salt.config.master_config(None)
+        clear_funcs = salt.master.ClearFuncs(opts, {})
+        blacklist_methods = [
+            '__class__',
+            '__delattr__',
+            '__dir__',
+            '__eq__',
+            '__format__',
+            '__ge__',
+            '__getattribute__',
+            '__gt__',
+            '__hash__',
+            '__init__',
+            '__init_subclass__',
+            '__le__',
+            '__lt__',
+            '__ne__',
+            '__new__',
+            '__reduce__',
+            '__reduce_ex__',
+            '__repr__',
+            '__setattr__',
+            '__sizeof__',
+            '__str__',
+            '__subclasshook__',
+            '_prep_auth_info',
+            '_prep_jid',
+            '_prep_pub',
+            '_send_pub',
+            '_send_ssh_pub',
+            'get_method',
+        ]
+        for name in dir(clear_funcs):
+            if name in clear_funcs.expose_methods:
+                continue
+            if not callable(getattr(clear_funcs, name)):
+                continue
+            assert name in blacklist_methods, name
+

 class ClearFuncsTestCase(TestCase):
    '''