feat: rootless podman, session hardening, boot stability, sidebar fix
Rootless podman migration (TASK-11): - Remove sudo from all podman calls in PodmanClient + 8 backend files - Remove sudo from all podman/docker calls in deploy script - Restore full systemd security hardening: NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, RestrictNamespaces, RestrictSUIDSGID, SystemCallFilter, ProtectSystem=strict - Enable loginctl linger for rootless container persistence - Remove Ollama from auto-deploy (marketplace-only) Session & auth hardening: - Increase MAX_CONCURRENT_SESSIONS 20→50 (prevents eviction storms) - Debounced 401 redirect in rpc-client.ts (prevents redirect storms) Boot stability: - optimize-debian.sh: adds chrony, swap, removes policy-rc.d - deploy script: pre-restart chrony + swap setup - ISO build: chrony package, swap file creation - BootScreen: no longer clears localStorage (prevents splash replay) - RootRedirect: sole owner of localStorage clearing on server ready UI fixes: - Sidebar opacity default changed from 0→visible (fixes missing sidebar after page-persistence login without entrance animation) - Console.log/error wrapped in import.meta.env.DEV guards - Remove unused route import from RootRedirect Beta tracking: - CLAUDE.md: beta freeze protocol added - MASTER_PLAN.md: TASK-11, TASK-17, phase structure - BETA-PROGRESS.md: initial tracking doc - Tagged v1.2.0-alpha.1 as pre-rootless baseline Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,12 +1,16 @@
|
||||
Report written to `loop/pentest/security-assessment-report.md`.
|
||||
|
||||
**Summary of what's in the report:**
|
||||
**Summary: 27 findings** (8 Critical, 10 High, 6 Medium, 3 Low)
|
||||
|
||||
- **21 confirmed findings** across 4 severity levels (6 Critical, 7 High, 5 Medium, 3 Low)
|
||||
- Full exploitation evidence with request/response pairs for every finding
|
||||
- Root cause analysis showing AUTH-001 (no session management) as the single point of failure — fixing it blocks 15 of 21 findings
|
||||
- A documented attack chain demonstrating full node takeover in 6 curl commands
|
||||
- Prioritized remediation table (P0 within 48 hours through P2 within 1 month)
|
||||
- Appendix with excluded findings, technology inventory, and dependency tree of vulnerabilities
|
||||
The report includes:
|
||||
|
||||
The most critical takeaway: the existing session middleware in `core/startos/src/middleware/auth.rs` just needs to be wired into `core/archipelago/`'s HTTP handler. That single integration addresses the root cause of nearly every finding.
|
||||
- **Executive summary** with overall CRITICAL rating and top 3 recommendations
|
||||
- **Scope and methodology** covering nmap, source review, and live exploitation
|
||||
- **Full findings table** — 21 exploitation-confirmed + 6 recon-confirmed
|
||||
- **Detailed findings** — each with evidence (curl commands + responses), impact, and OWASP mapping
|
||||
- **Critical attack chain** — 7-step full compromise from any LAN device, zero auth
|
||||
- **Prioritized recommendations** — 20 remediation items across P0/P1/P2
|
||||
- **Positive security controls** — bcrypt, TOTP, session tokens, container security noted
|
||||
- **Appendices** — port inventory, container list, root cause tree, OWASP mapping, non-exploitable exclusions
|
||||
|
||||
The root cause is AUTH-001 (no session management). Fixing it addresses 15 of 27 findings. Combined with credential lockdown and port binding, 23 of 27 are resolved.
|
||||
Reference in New Issue
Block a user