
Cloudflared service runs as root 🐛

Open darius-m opened this issue 3 years ago • 0 comments

Describe the bug

The cloudflared service install creates a service file that runs the cloudflared process as root. Unless some privileged operation is required (e.g. raw sockets), the service should run as a non-privileged user, such as cloudflared. Even with trusted processes, bugs that allow privilege escalation can appear.

To Reproduce

Steps to reproduce the behavior:

  1. Run cloudflared service install;
  2. A service file that starts the cloudflared process as root is created;
  3. The cloudflare tunnel token is also visible in the service file (also reported by #666).

Expected behavior

The cloudflare service runs as a non-privileged user, such as cloudflared. Additional restrictions, such as SELinux policies (e.g., similar to nginx), should also improve security.

Environment and versions

  • OS: CentOS Stream 8
  • Architecture: AMD64 (should not be architecture-dependent)
  • Version: 2022.6.2

Additional context

The issue may be resolved by adding User=cloudflared to the Service section of the configuration file. The user would have to be created, likely as a system user.

darius-m • Jun 20 '22 15:06
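
A check for the two conditions reported above, as an added example that is not part of the issue or of the cloudflared project: a shell function that reads a systemd unit on stdin and flags a `[Service]` section with no non-root `User=` and a token on the `ExecStart=` line. The sample unit is constructed, and the check assumes the token is passed as a `--token` argument.

```shell
#!/bin/sh
# Added example (not from the issue): flag a systemd unit that has the two
# problems reported above. Reads the unit on stdin; prints one finding per
# line and returns non-zero if anything was found.
audit_unit() {
    awk '
        # Join backslash-continued lines so a wrapped ExecStart= is seen whole.
        have_cont { $0 = cont " " $0; have_cont = 0 }
        /\\$/     { sub(/\\$/, ""); cont = $0; have_cont = 1; next }
        # Only keys inside [Service] count; User= elsewhere has no effect.
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        !in_service || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # A later User= overrides an earlier one; an empty value resets it.
            if (key == "User") user = val
            # Assumption: the token is passed as a --token argument.
            if (key == "ExecStart" && val ~ /(^|[ \t])--token([ \t=]|$)/) token = 1
        }
        END {
            if (user == "" || user == "root" || user == "0") { print "RUNS_AS_ROOT"; bad = 1 }
            if (token) { print "TOKEN_IN_UNIT"; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample, not the file that `cloudflared service install` writes.
sample_unit() {
    cat <<'EOF'
[Unit]
Description=cloudflared (constructed sample)

[Service]
ExecStart=/usr/bin/cloudflared tunnel run --token PLACEHOLDER_TOKEN
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

sample_unit | audit_unit || :   # prints RUNS_AS_ROOT and TOKEN_IN_UNIT
```

To check a real unit, redirect the generated service file into `audit_unit`; drop-in overrides are not merged, so a `User=` set in a drop-in is not seen.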