Improve platform security


#1

Due to a change in our internal security policies we recently decided to take a look at Circle’s user security and found some fairly serious issues.

CircleCI authentication is tied to GitHub, and generally someone with read access to a repository has unrestricted access in Circle from the context of that repository, meaning re-building, modifying environment vars or other settings, or invoking SSH debug.

Unrestricted SSH debug is especially troubling since secrets (e.g. SSH keys) can be accessed in plain text after accessing a container.

Lack of granular security control may not be an issue for a small startup environment with an implied level of trust, but as a company grows, the need for least privilege access and security compliance in general becomes paramount.

Please consider improving the user authentication system to allow for levels of access based on user role, and at the very least gate the use of the SSH debug feature ASAP.


#2

We’re concerned about this as well. Primarily the issue is that deployment credentials are available in SSH debug mode, allowing relatively untrusted new developers to our team to collect all deployment credentials that would allow them access to production environments …


#3

We recently announced some additional permissions controls. Currently this is enabled by opt-in, so please let us know if you’d like us to enable it for you. Instructions are in that link.

The new permissions feature doesn’t give controls over SSH yet, though.

We appreciate that you took time to express your team needs. Just as an FYI, we look at the “Likes” on Feature Request posts in this forum to help prioritize new features.


#4

Eric - can you elaborate on SSH controls?

Who, in my GitHub organization, can SSH to a container and view the ENV VARS that I have set?

All members or just admins or something else…?

Thanks – this may be the feature that keeps me on CircleCI or sends me to Travis.

Cheers, Peter


#5

Hi Peter,

This part of the blog post answers that:

This includes setting containers for your organization, project level parallelization setting, build setting etc. GitHub members or collaborators will still be able to use CircleCI’s functionality like Re-build, Re-build with cache or Re-build via SSH.


#6