paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-01 20:44:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

upgrade: Remove RabbitMQ cookie randomization code.

Browse Source 
This code was originally added in e705883857 in Zulip Server 5.0;
since we can only directly upgrade from 5.0 or later, this code is
guaranteed to have run already. Remove it.
This commit is contained in:
Alex Vandiver
2025-04-03 14:28:22 +00:00
committed by Tim Abbott
parent 7d08f32ebb
commit 53bf48a873
2 changed files with 0 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
scripts/lib/upgrade-zulip-stage-3
View File

@@ -28,7 +28,6 @@ from scripts.lib.zulip_tools import (
assert_running_as_root,
get_config,
get_config_file,
listening_publicly,
parse_version_from,
run_psql_as_postgres,
start_arg_parser,
@@ -120,37 +119,6 @@ from version import ZULIP_VERSION as NEW_ZULIP_VERSION
old_version = parse_version_from(DEPLOYMENTS_DIR + "/current")
logging.info("Upgrading from %s to %s, in %s", old_version, NEW_ZULIP_VERSION, deploy_path)
# Check if rabbitmq port 25672 is listening on anything except 127.0.0.1
rabbitmq_dist_listen = listening_publicly(25672)
# Check the erlang magic cookie size
cookie_size: int | None = None
if os.path.exists("/var/lib/rabbitmq/.erlang.cookie"):
with open("/var/lib/rabbitmq/.erlang.cookie") as cookie_fh:
cookie_size = len(cookie_fh.readline())
else:
logging.info("No RabbitMQ erlang cookie found, not auditing RabbitMQ security.")
if (args.skip_restart or args.skip_puppet) and rabbitmq_dist_listen:
logging.error(
"RabbitMQ is publicly-accessible on %s; this is a security vulnerability!",
", ".join(rabbitmq_dist_listen),
)
issue = "issue"
if cookie_size is not None and cookie_size == 20:
# See the below comment -- this is used as a lightweight
# signal for a cookie made with Erlang's bad randomizer.
logging.error(
"RabbitMQ erlang cookie is insecure; this is a critical security vulnerability!"
)
issue = "issues"
logging.error(
"To fix the above security %s, re-run the upgrade without --skip-puppet "
"(which may be set in /etc/zulip/zulip.conf), in order to restart the "
"necessary services. Running zulip-puppet-apply by itself is not sufficient.",
issue,
)
sys.exit(1)
migrations_needed = False
@@ -395,22 +363,6 @@ else:
subprocess.check_call(["./scripts/lib/run_hooks.py", "pre-deploy", *hooks_args])
if rabbitmq_dist_listen:
shutdown_server()
logging.info("Shutting down rabbitmq to adjust its ports...")
subprocess.check_call(["/usr/sbin/service", "rabbitmq-server", "stop"])
if cookie_size is not None and cookie_size == 20:
# Checking for a 20-character cookie is used as a signal that it
# was generated by Erlang's insecure randomizer, which only
# provides between 20 and 36 bits of entropy; were it 20
# characters long by a good randomizer, it would be 96 bits and
# more than sufficient. We generate, using good randomness, a
# 255-character cookie, the max allowed length.
shutdown_server()
logging.info("Generating a secure erlang cookie...")
subprocess.check_call(["./scripts/setup/generate-rabbitmq-cookie"])
if not args.skip_puppet:
# Puppet may adjust random services; to minimize risk of issues
# due to inconsistent state, we shut down the server first.

18
scripts/lib/zulip_tools.py
View File

@@ -714,24 +714,6 @@ def start_arg_parser(action: str, add_help: bool = False) -> argparse.ArgumentPa
return parser
def listening_publicly(port: int) -> list[str]:
filter = f"sport = :{port} and not src 127.0.0.1:{port} and not src [::1]:{port}"
# Parse lines that look like this:
# tcp LISTEN 0 128 0.0.0.0:25672 0.0.0.0:*
lines = (
subprocess.check_output(
["/bin/ss", "-Hnl", filter],
text=True,
# Hosts with IPv6 disabled will get "RTNETLINK answers: Invalid
# argument"; eat stderr to hide that
stderr=subprocess.DEVNULL,
)
.strip()
.splitlines()
)
return [line.split()[4] for line in lines]
def atomic_nagios_write(
name: str,
status: Literal["ok", "warning", "critical", "unknown"],