You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am writing a proxy server software in Node.js (https://github.com/PHJArea217/universal-relay to be specific). The nature of the proxy is that it can remotely make TCP connections to arbitrary targets, domain names, and ports, which could include the node.js debugger port. Normally, in production, the debugger is disabled. But there is a risk that the process could receive a SIGUSR1 (which could be easily triggered by k in htop and selecting SIGUSR1, while trying to do other things, like strace on the nodejs process, by s on the node.js process in htop) and allow remote compromise through the proxy functionality in different ways.
I currently have considered:
process.on('SIGUSR1', a=>0);
on the very top of index.js.
Because of the nature of the proxy server, this can still be accessible remotely even if the debug port is bound to 127.0.0.1 since the proxy server is designed to allows connections to 127.0.0.1 in the default configuration (security of this in relation to other localhost-bound services is out of scope of this question).
I think this would have been prevented since the attacker would have to guess the 128-bit UUID to compromise the process, but I'm not so certain about that given the security implications that would result if the attacker didn't have to guess the UUID.
The question is, are my security concerns valid, and is the above line of code sufficient to prevent this?
Node.js version
v18.19.0 (nodejs in Debian)
Example code
See above.
Operating system
Debian Linux
Scope
runtime
Module and version
Not applicable.
The text was updated successfully, but these errors were encountered:
Details
I am writing a proxy server software in Node.js (https://github.com/PHJArea217/universal-relay to be specific). The nature of the proxy is that it can remotely make TCP connections to arbitrary targets, domain names, and ports, which could include the node.js debugger port. Normally, in production, the debugger is disabled. But there is a risk that the process could receive a SIGUSR1 (which could be easily triggered by
k
in htop and selecting SIGUSR1, while trying to do other things, like strace on the nodejs process, bys
on the node.js process in htop) and allow remote compromise through the proxy functionality in different ways.I currently have considered:
on the very top of
index.js
.Because of the nature of the proxy server, this can still be accessible remotely even if the debug port is bound to 127.0.0.1 since the proxy server is designed to allows connections to 127.0.0.1 in the default configuration (security of this in relation to other localhost-bound services is out of scope of this question).
I think this would have been prevented since the attacker would have to guess the 128-bit UUID to compromise the process, but I'm not so certain about that given the security implications that would result if the attacker didn't have to guess the UUID.
The question is, are my security concerns valid, and is the above line of code sufficient to prevent this?
Node.js version
v18.19.0 (nodejs in Debian)
Example code
See above.
Operating system
Debian Linux
Scope
runtime
Module and version
Not applicable.
The text was updated successfully, but these errors were encountered: