Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make allowInsecureRegistries follow Docker semantics for use-insecure-registries #643

Closed
chanseokoh opened this issue Jul 17, 2018 · 3 comments
Closed

Make allowInsecureRegistries follow Docker semantics for use-insecure-registries #643

chanseokoh opened this issue Jul 17, 2018 · 3 comments
Assignees
@chanseokoh

Comments

@chanseokoh
Copy link
Member

chanseokoh commented Jul 17, 2018
edited
Loading

Just ignore the certification error and proceed with HTTPS.

https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry

With insecure registries enabled, Docker goes through the following steps:

  • First, try using HTTPS.
    • If HTTPS is available but the certificate is invalid, ignore the error about the certificate.
    • If HTTPS is not available, fall back to HTTP.

When implemented, cases like #543 will be supported naturally and we will be able to remove the workaround doc: https://github.com/GoogleContainerTools/jib/blob/master/docs/configure-gcp-credentials.md

Should update docs once fixed.
This was referenced Jul 18, 2018
Closed
Closed
Merged
@chanseokoh
Copy link
Member Author

chanseokoh commented Jul 19, 2018
edited
Loading

Just documenting here the security implication of allowInsecureRepositories that I am aware of, once this is fixed.

Jib will proceed with HTTPS when the server certificate (including a self-signed one) cannot be verified. The user may mistype the server URL and accidentally connect to a malicious server whose URL is set up to resemble the original server URL. TLS can't verify the server, but since allowInsecureRepositories is set, Jib proceeds and sends the password to the malicious server.

Not just that, it opens up the main in the middle (MITM) attack for anyone sitting at any of the routers or proxies the request passes though. Or somebody could exploit some DNS attacks.

@chanseokoh chanseokoh self-assigned this Jul 20, 2018
@chanseokoh
Copy link
Member Author

Fortunately, ApacheHttpTransport already provides a helper method to skip the validation.

    Builder transportBuilder = new ApacheHttpTransport.Builder();
    if (!turnOffCertificateValidation) {
      transportBuilder.doNotValidateCertificate();
    }
    requestFactory = transportBuilder.build().createRequestFactory();

@chanseokoh chanseokoh mentioned this issue Jul 23, 2018
Merged
@chanseokoh chanseokoh changed the title allowInsecureRegistries should not fall back to HTTP when SSL verification fails If SSL certificate verification fails, allowInsecureRegistries should try second attempt without verifying certificate before falling back to HTTP Jul 23, 2018
@chanseokoh chanseokoh changed the title If SSL certificate verification fails, allowInsecureRegistries should try second attempt without verifying certificate before falling back to HTTP Make allowInsecureRegistries follow Docker semantics for use-insecure-registries Jul 23, 2018
This was referenced Jul 24, 2018
Merged
Merged
@chanseokoh
Copy link
Member Author

Should also update the docs, once this is fixed.

@TadCordle TadCordle mentioned this issue Aug 1, 2018
Merged
@chanseokoh chanseokoh mentioned this issue Aug 1, 2018
Closed
@briandealwis briandealwis mentioned this issue Aug 22, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chanseokoh chanseokoh

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chanseokoh