Move sensitive information out of Synchrony JVM arguments

2017-08-02T11:27:50
ID ATLASSIAN:CONFSERVER-53085
Type atlassian
Reporter jbentrup
Modified 2019-12-10T05:18:57

Description

h3. Issue

Running Synchrony as a stand-alone service for data center instances exposes sensitive information such as the database username/password, and public/private keys. These are all passed as JVM arguments. This means anyone with command-line access to the server can see this information via a {{ps}} command.

h3. To Reproduce

# Set up Synchrony as a stand-alone service
# Start Synchrony
# Run {{ps -ef | grep synchrony}}
# Results:

{code:java}
synchro+  1707     1 89 18:19 ?        00:00:08 java -Xms2048k -Xmx1024m -classpath /opt/atlassian/synchrony/synchrony-standalone.jar:/opt/atlassian/synchrony/postgresql-42.1.1.jar -Dsynchrony.cluster.impl=hazelcast-btf -Dsynchrony.port=8091 -Dcluster.listen.port=5701 -Dsynchrony.cluster.base.port=25500 -Dcluster.join.type=tcpip -Dcluster.join.tcpip.members=192.168.56.1 -Dsynchrony.context.path=/synchrony -Dsynchrony.cluster.bind=192.168.56.102 -Dsynchrony.bind=192.168.56.102 -Dcluster.interfaces=192.168.56.102 -Dsynchrony.service.url=http://192.168.56.102:8091/synchrony -Dreza.service.url=http://192.168.56.102:8091/synchrony -Djwt.private.key=<PRIVATE_KEY_HERE> -Djwt.public.key=<PUBLIC_KEY_HERE> Dsynchrony.database.url=jdbc:postgresql://10.0.2.2:5432/confluence631 -Dsynchrony.database.username=<DATABASE_USERNAME_HERE> -Dsynchrony.database.password=<DATABASE_PASSWORD_HERE> -Djava.net.preferIPv4Stack=true -Dip.whitelist=192.168.56.1,localhost synchrony.core sql
jason     1728  1674  0 18:19 pts/0    00:00:00 grep --color=auto synchrony
{code}

h3. Suggestion

Make Synchrony read this information from a file that can be locked to only be readable by the user running Synchrony. This could be a copy of {{confluence.cfg.xml}} or a new file.

h3. Workaround

Prevent unnecessary users from having shell access to the box on which Synchrony is running; i.e. deny logon by disabling or removing unneeded users from the Synchrony system. Also, on Linux systems running a kernel version newer than 3.3, you can mount {{/proc}} with {{hidepid=1}} or {{hidepid=2}}. More information on doing this can be found at [https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/].
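
An added example, not part of the original issue or Atlassian's code: a Python audit for the Suggestion and Workaround above. It reports which processes carry secret-looking {{-D}} properties on their command line (names only, never values) and checks that a config file is readable by its owner only. The name patterns, function names and sample argument vector are assumptions constructed for illustration.

```python
import os
import re
import stat

# Assumed name fragments, taken from the properties the issue calls sensitive.
SENSITIVE = re.compile(r"password|username|private\.key", re.IGNORECASE)

def find_exposed_properties(argv):
    """Return names of -Dname=value arguments whose name looks secret-bearing."""
    exposed = []
    for arg in argv:
        if not arg.startswith("-D") or "=" not in arg:
            continue
        name, _, value = arg[2:].partition("=")
        if value and SENSITIVE.search(name):
            exposed.append(name)
    return exposed

def read_argv(pid):
    """Read a process's argument vector from /proc/<pid>/cmdline (NUL-separated)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]

def audit_processes():
    """Map pid -> exposed property names for every process this user can read."""
    findings = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            names = find_exposed_properties(read_argv(pid))
        except OSError:  # process exited, or access denied (e.g. hidepid=1)
            continue
        if names:
            findings[int(pid)] = names
    return findings

def file_is_owner_only(path):
    """True if no group/other permission bits are set on path (e.g. mode 0600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

# Constructed sample shaped like the ps output above, placeholders for values.
SAMPLE_ARGV = ["java", "-Xmx1024m", "-Dsynchrony.port=8091",
               "-Djwt.private.key=<PRIVATE_KEY_HERE>", "-Djwt.public.key=<PUBLIC_KEY_HERE>",
               "-Dsynchrony.database.username=<DATABASE_USERNAME_HERE>",
               "-Dsynchrony.database.password=<DATABASE_PASSWORD_HERE>"]

if __name__ == "__main__":
    print("sample:", find_exposed_properties(SAMPLE_ARGV))
    print("live:", audit_processes())  # property names only, never values
```

Run as an unprivileged account, an empty live result after mounting {{/proc}} with {{hidepid}} indicates that other users' command lines are no longer readable from that account.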