Bug #5651

closed

The 'trusted_hosts' config key has an unintuitive (and potentially dangerous) behavior

Added by Jon McKenzie about 10 years ago. Updated over 9 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

According to the Foreman documentation:

[trusted_hosts] is the list of hosts from which the smart proxy will accept connections. If this list is empty then every verified SSL connection is allowed to access the API.

There are two issues:

  • This behavior is unintuitive. An empty list of trusted hosts should imply that no hosts are trusted, not that all hosts are trusted. An implication of the current behavior is that I would need to enter in a bogus trusted host in order to disable all remote access.
  • The proxy (at least in Foreman 1.4.2) accepts ALL connections when trusted_hosts is empty, not just verified connections. In a test deployment, we were able to access the API via curl without providing any credentials or certificates/keys when trusted_hosts was empty.

Related issues 2 (0 open, 2 closed)

Is duplicate of Smart Proxy - Bug #7822: CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requests (Closed, Dominic Cleal, 10/06/2014)
Is duplicate of Smart Proxy - Bug #6589: Trusted host list seems to be ignored (Closed, Dominic Cleal, 07/11/2014)
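
The three empty-list semantics discussed in the report above, modelled side by side as an added Ruby example (not code from Foreman or the smart proxy). The `Request` struct, the policy functions and the client names are hypothetical, and the observed policy's behaviour for a non-empty list is an assumption, since the report only covers the empty case.

```ruby
# Added illustration; NOT the smart proxy's code. All names are hypothetical.
# A request is the client's hostname plus whether the TLS layer verified
# a client certificate for it.
Request = Struct.new(:host, :cert_verified)

# What the documentation quoted in the report describes:
# an empty list admits any client with a verified certificate.
def documented_policy(trusted_hosts, req)
  return false unless req.cert_verified
  trusted_hosts.empty? || trusted_hosts.include?(req.host)
end

# What the reporter observed on 1.4.2: an empty list admits everyone,
# verified or not. For a non-empty list the report says nothing, so this
# model defers to the documented behaviour (assumption).
def observed_policy(trusted_hosts, req)
  trusted_hosts.empty? || documented_policy(trusted_hosts, req)
end

# The fail-closed semantics the reporter argues for:
# an empty list trusts nobody, and a certificate is always required.
def fail_closed_policy(trusted_hosts, req)
  req.cert_verified && trusted_hosts.include?(req.host)
end

# Constructed sample clients: two with verified certificates, one without.
CLIENTS = [
  Request.new("foreman.example.com", true),
  Request.new("other.example.com", true),
  Request.new("anonymous-curl", false)
].freeze

# Hosts from CLIENTS that a given policy lets through for a given list.
def admitted(policy, trusted_hosts)
  CLIENTS.select { |req| send(policy, trusted_hosts, req) }.map(&:host)
end

if __FILE__ == $PROGRAM_NAME
  lists = { "empty" => [], "bogus" => ["bogus.invalid"],
            "real"  => ["foreman.example.com"] }
  %i[observed_policy documented_policy fail_closed_policy].each do |policy|
    lists.each do |label, hosts|
      puts format("%-20s %-6s -> %s", policy, label, admitted(policy, hosts).inspect)
    end
  end
end
```

The "bogus" row is the workaround the report mentions: under the fail-open policies, a placeholder entry is the only way to get the result the fail-closed policy gives for an empty list.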