client: deprecate loading plugins without config #19189
Nomad loads all plugins from `plugin_dir` regardless of whether they are listed in the agent configuration file. This can cause unexpected binaries to be executed. This commit begins the deprecation process of this behaviour. The Nomad agent will emit a warning log for every plugin binary found without a corresponding agent configuration block.
The existing autoloading behavior is nice in that you can manage plugins without restarting the Nomad agent. This simplifies operations, packaging, and scripting.
Furthermore it seems unlikely an attacker able to write to the `plugin_dir` couldn't stage other attacks on the system as well.
That being said, "seems unlikely" is a poor security posture, and the closest HashiCorp prior art I could find is Vault's plugin system, which has an explicit register-before-use step: https://developer.hashicorp.com/vault/docs/plugins/plugin-management
So let's ship this. We could add an `autoload_plugins = true|false` agent configuration knob to control this behavior, but I think we should wait for that feature request. Nomad already has so many knobs that subtly change security properties that I would hate to add more without good reason.
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
Ref: #18529
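
An operator can run the same comparison ahead of the removal: list the files in `plugin_dir` and report those with no matching `plugin` block. The Go sketch below is an added example, not code from this PR or from Nomad; it assumes the `plugin` block label equals the binary's file name, uses a regex rather than an HCL parser, and its sample config and file names are constructed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

// Matches agent configuration blocks of the form: plugin "name" {
// Assumption: a line-anchored regex is enough for an audit; it is not an HCL parser.
var pluginBlock = regexp.MustCompile(`(?m)^\s*plugin\s+"([^"]+)"\s*\{`)

// Constructed sample agent configuration (not taken from the Nomad repository).
const sampleConfig = `
plugin_dir = "/opt/nomad/plugins"
plugin "nomad-driver-example" {
  config {}
}
# plugin "old-driver" {}
`

// unconfiguredPlugins returns the files in pluginDir that have no plugin block
// in agentConfig, i.e. the binaries the deprecation warning is about.
func unconfiguredPlugins(pluginDir, agentConfig string) ([]string, error) {
	configured := map[string]bool{}
	for _, m := range pluginBlock.FindAllStringSubmatch(agentConfig, -1) {
		configured[m[1]] = true
	}
	entries, err := os.ReadDir(pluginDir) // entries come back sorted by file name
	if err != nil {
		return nil, err
	}
	var missing []string
	for _, e := range entries {
		if !e.IsDir() && !configured[e.Name()] {
			missing = append(missing, e.Name())
		}
	}
	return missing, nil
}

func main() {
	// Constructed plugin_dir: one configured binary and one stray binary.
	dir, err := os.MkdirTemp("", "plugin_dir")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	for _, n := range []string{"nomad-driver-example", "stray-binary"} {
		os.WriteFile(filepath.Join(dir, n), []byte("#!/bin/sh\n"), 0o755)
	}
	missing, _ := unconfiguredPlugins(dir, sampleConfig)
	for _, n := range missing {
		fmt.Printf("WARN: %s has no plugin block in the agent configuration\n", n)
	}
}
```

A commented-out block, such as the `old-driver` line in the sample, does not count as configuration, so a binary left behind under that name is still reported.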