Security Overview...
In the interest of full disclosure of security issues, this page is dedicated to documenting current security issues and reports concerning Centrallix. Like every other piece of software, Centrallix is written by fallible human beings, so it should be expected that unrecognized security faults exist in this software.
Reporting Security Issues
To report a security issue that you have discovered with Centrallix, we recommend that you send email to Greg.Beeley@LightSys.org with the words "Security Report - Centrallix" in the subject line. You can also become a member of the centrallix-devel email list and send your report there.
Verifying Downloads
We sign our RPMs (as of 0.9.x) and publish MD5/SHA1 checksums. See the download page for further information. We strongly recommend that you verify both the checksums and the signature on any RPM you download. Note the difference between the two: a checksum only shows that the file you received matches the one that was published, and if the checksum list is fetched from the same server as the package, anyone able to tamper with one can tamper with the other. Only the GPG signature, checked against a LightSys key you obtained independently, gives assurance that the software was actually published by LightSys.
Currently Known Issues
The biggest currently known issue is that the policy- and role-based access control infrastructure for Centrallix has not yet been implemented. Although Centrallix, when operating in "system" authentication mode, does restrict file access to the connecting user's normal filesystem privileges, that measure alone does not cover all of the access control needs of the software; anything not protected by filesystem permissions is not protected.
There are also sections of the code that are in strong need of security audit, either because they form a part of the publicly exposed attack surface, or because they are of a more "experimental" quality.
We are aware of a few memory leaks in the codebase.
We have yet to implement an HTTPS (SSL/TLS) interface for Centrallix. When logging in to Centrallix over an untrusted network connection (such as the Internet without a VPN or other tunneling software), logon credentials and everything exchanged afterwards travel in the clear and could be captured by an attacker on the path. If you require access across an untrusted network, put an encrypted layer in front of the server: a VPN, SSH port forwarding, an SSL tunnel such as stunnel, or Apache with mod_ssl configured as a reverse proxy in front of Centrallix.
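One way to set up the last of those options, the Apache mod_ssl reverse proxy, is shown below. This is an added example, not configuration from the Centrallix project: the Centrallix listening port (800), the hostname, the certificate paths and the output file location are all assumptions, and the script only writes the vhost file; it does not restart Apache.

```sh
#!/bin/sh
# Generate an Apache vhost that terminates TLS and forwards to Centrallix.
# Added example, not part of Centrallix. Backend port, hostname, certificate
# paths and the output path are assumptions.
set -u

# write_ssl_proxy_conf OUTFILE SERVERNAME BACKEND_PORT
#   Writes two vhosts: a plain-HTTP one that only redirects to HTTPS (so the
#   login form is never served unencrypted) and an HTTPS one that proxies to
#   Centrallix on the loopback address.
write_ssl_proxy_conf() {
  out=$1; name=$2; port=$3
  cat > "$out" <<EOF
<VirtualHost *:80>
    ServerName $name
    # Do not serve anything over plain HTTP; send every request to TLS.
    Redirect permanent / https://$name/
</VirtualHost>

<VirtualHost *:443>
    ServerName $name
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    /etc/pki/tls/certs/$name.crt
    SSLCertificateKeyFile /etc/pki/tls/private/$name.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://127.0.0.1:$port/
    ProxyPassReverse / http://127.0.0.1:$port/
</VirtualHost>
EOF
}

# count_matching PATTERN FILE: number of lines matching PATTERN (for checks).
count_matching() {
  grep -c -- "$1" "$2"
}

# Example invocation (paths are assumptions for a Red Hat style layout):
#   write_ssl_proxy_conf /etc/httpd/conf.d/centrallix-ssl.conf cx.example.org 800
```

The proxy only helps if clients cannot reach the plaintext port directly, so the Centrallix listener should be bound to 127.0.0.1 or the backend port blocked at the host firewall for everything except the proxy; otherwise the tunnel is optional from the attacker's point of view. Also confirm mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded, or Apache will refuse the directives.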
Centrallix currently uses a portable form of non-preemptive (cooperative) multi-threading via the MTASK library in the centrallix-lib package. Unfortunately, some libraries used for accessing external resources (such as database client libraries) block the entire server process while waiting for a query to finish, because of how those client libraries are designed. If a user is able to cause a long-running query to execute against a remote database server, every other client of that Centrallix server is stalled for as long as the query runs, which is a denial of service condition.