
Allow specifying HTTP basic auth credentials from a file

Open TLATER opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe.

Arguments to applications are by default readable to all users on Linux. Try e.g.:

tlater ~ $ export SAMPLE_SECRET=20
tlater ~ $ sleep $SAMPLE_SECRET & ps -u | grep sleep
[1] 8181
tlater      8181  0.0  0.0 227256  1336 pts/2    SN   21:54   0:00 sleep 20

This means that when using the HTTP basic auth mechanism, unprivileged users may be able to abuse ttyd to gain another user's permissions. While HTTP basic auth isn't very secure to begin with, it can be used somewhat safely in a controlled network otherwise.

Describe the solution you'd like

Ideally, a new arg called --credential-file, that would be used to read credentials from a file instead; this would allow setting access permissions on the file instead.

Describe alternatives you've considered

Taking credentials from stdin, or generally a file descriptor, would also be a nice way to implement better security here. Alternatively, maybe the option of HTTP basic auth should be removed altogether - it's a notoriously easy trap to fall for, since it almost never offers any security without TLS anyway, and when TLS is active client certificates are a significantly better alternative.

Additional context

NixOS provides a module downstream for ttyd, which has some nice configuration semantics for setting up a "passwordFile", but is a bit misleading. This is part of a larger initiative to provide better ways to support credential passing.

TLATER, Jan 25 '22 19:01

@TLATER see also https://github.com/tsl0922/ttyd/pull/700 perhaps?

stdweird, Jan 31 '22 08:01

Argh, sorry I missed that issue, I swear I searched around before raising this :| I'll keep it open for now, just in case this gets some traction at least:

Alternatively, maybe the option of HTTP basic auth should be removed altogether - it's a notoriously easy trap to fall for, since it almost never offers any security without TLS anyway, and when TLS is active client certificates are a significantly better alternative.

TLATER, Jan 31 '22 12:01
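
An added example, not part of the issue thread and not ttyd's code: one way a loader for the proposed --credential-file option could read the credential while refusing any file that group or other users can access. The function names, the temporary path and the sample credential are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical loader for a --credential-file option (not ttyd's code).
 * Returns 0 and fills out, or -1 if the file is unusable or too permissive. */
int load_credential_file(const char *path, char *out, size_t outlen) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    /* fstat the open descriptor so the check and the read hit the same file */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0 ||   /* group/other access */
        st.st_size <= 0 || (size_t)st.st_size >= outlen) {
        close(fd);
        return -1;
    }
    ssize_t n = read(fd, out, (size_t)st.st_size);
    close(fd);
    if (n != (ssize_t)st.st_size) return -1;
    out[n] = '\0';
    out[strcspn(out, "\r\n")] = '\0';   /* drop trailing newline */
    return out[0] != '\0' ? 0 : -1;
}

/* Demo helper: constructed credential in a temp file with the given mode. */
int demo_with_mode(mode_t mode, char *out, size_t outlen) {
    char path[] = "/tmp/credfile-demo-XXXXXX";
    const char *sample = "alice:s3cret\n";   /* constructed sample value */
    int fd = mkstemp(path);
    if (fd < 0) return -2;
    int ok = write(fd, sample, strlen(sample)) == (ssize_t)strlen(sample) &&
             fchmod(fd, mode) == 0;
    close(fd);
    int rc = ok ? load_credential_file(path, out, outlen) : -2;
    unlink(path);
    return rc;
}

int main(void) {
    char cred[128];
    printf("mode 0600 -> %d\n", demo_with_mode(0600, cred, sizeof cred));
    printf("mode 0644 -> %d\n", demo_with_mode(0644, cred, sizeof cred));
    return 0;
}
```

With the credential in a file rather than in argv, the secret no longer shows up in `ps` output, and the mode check catches a file that was left readable by other accounts.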