
Give operators ability to create keys for each other #5

Status: Open. Wants to merge 1 commit into base: main.

Conversation

ncc-erik-steringer
Owner

In this demo, we give the operators group access to call iam:CreateAccessKey for other users in the account. However, this should lead to a PMapper test case failing, since this could be abused by an operator for privilege escalation.
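Added illustration of the weak grant this PR introduces and why a boundary test should flag it; this is constructed example code, not PMapper's own evaluation logic and not code from the Aerides repository. It assumes a hypothetical inline policy on the operators group, a placeholder account id, and the constructed user set from the test output (adam, frank, john as operators; erik as the admin). The evaluator is a deliberately small subset of IAM semantics (Allow/Deny, Action and Resource wildcards, the `${aws:username}` policy variable, no Conditions), enough to contrast the permissive `user/*` resource with a self-scoped one.

```python
"""Simplified check for cross-user iam:CreateAccessKey grants.

Constructed example: not PMapper's algorithm and not the Aerides test code.
Account id, user names and policies below are placeholders for illustration.
"""
import fnmatch

ACCOUNT_ID = "123456789012"  # constructed placeholder account id

OPERATORS = ["adam", "frank", "john"]  # constructed non-admin users
ADMINS = ["erik"]                      # constructed admin user

# Hypothetical inline policy matching what the PR describes: members of the
# operators group may create access keys for any user in the account.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iam:CreateAccessKey"],
        "Resource": f"arn:aws:iam::{ACCOUNT_ID}:user/*",
    }],
}

# Hardened variant: a principal may only create keys for its own identity.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iam:CreateAccessKey"],
        "Resource": f"arn:aws:iam::{ACCOUNT_ID}:user/${{aws:username}}",
    }],
}


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """Case-insensitive glob match, e.g. 'iam:*' matches 'iam:CreateAccessKey'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, arn, caller):
    """Expand ${aws:username} to the calling user, then glob-match the ARN."""
    expanded = pattern.replace("${aws:username}", caller)
    return fnmatch.fnmatchcase(arn, expanded)


def allowed(policy, caller, action, resource_arn):
    """Evaluate one identity policy (no Conditions): explicit Deny wins over Allow."""
    allow = False
    for stmt in policy.get("Statement", []):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if not any(_action_matches(a, action) for a in actions):
            continue
        if not any(_resource_matches(r, resource_arn, caller) for r in resources):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allow = True
    return allow


def privesc_findings(group_policy, operators=OPERATORS, admins=ADMINS):
    """Report non-admin -> admin key-creation paths in the wording of the test above.

    Only edges that cross the admin boundary are reported; an operator being able
    to key another operator is still a finding in a real review but is not a
    privilege escalation in the sense the test checks.
    """
    findings = []
    for src in operators:
        for dst in admins:
            if src == dst:
                continue
            target_arn = f"arn:aws:iam::{ACCOUNT_ID}:user/{dst}"
            if allowed(group_policy, src, "iam:CreateAccessKey", target_arn):
                findings.append(
                    f"user/{src} can create access keys to authenticate as user/{dst}"
                )
    return findings


if __name__ == "__main__":
    for name, policy in [("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)]:
        print(f"{name}: {privesc_findings(policy) or 'no privilege escalation paths'}")
```

Run against `WEAK_POLICY` this reproduces the three lines in the PMapper failure; against `HARDENED_POLICY` it reports nothing while still letting each operator rotate their own keys. The hardened form is the usual fix for this pattern: scope `iam:CreateAccessKey` (and the other self-service IAM actions) to `${aws:username}` rather than to `user/*`, and let the boundary test, not code review alone, catch regressions.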

@github-actions

PMapper Test Results:

test_no_privesc (test_permissions.TestAuthorizationBoundaries)
Ensure that nobody can escalate their privileges from non-admin to to admin. ... FAIL
test_support_cannot_put (test_permissions.TestAuthorizationBoundaries)
Ensure that the IAM Role named 'support-staff' cannot call s3:PutObject for any of the S3 buckets. ... ok
test_support_has_no_edges (test_permissions.TestAuthorizationBoundaries)
Ensure that the IAM Role named 'support-staff' cannot access any other users or roles in the account. ... ok

======================================================================
FAIL: test_no_privesc (test_permissions.TestAuthorizationBoundaries)
Ensure that nobody can escalate their privileges from non-admin to to admin.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/runner/work/Aerides/Aerides/testcode/test_permissions.py", line 45, in test_no_privesc
    self.fail(
AssertionError: Privilege escalation risks detected:

* user/adam can create access keys to authenticate as user/erik
* user/frank can create access keys to authenticate as user/erik
* user/john can create access keys to authenticate as user/erik

----------------------------------------------------------------------
Ran 3 tests in 0.163s

FAILED (failures=1)

@github-actions

Scout Suite Test Results:

test_ec2_no_ports_open_to_all (test_scoutsuite_rails.TestScoutSuiteExpected)
Verify that none of the security groups have a port open to 0.0.0.0/0 ... ok
test_iam_no_inline_notaction (test_scoutsuite_rails.TestScoutSuiteExpected)
Verify no inline IAM Policies (for Users/Roles/Groups) use the NotAction field ... ok
test_iam_no_inline_passrole (test_scoutsuite_rails.TestScoutSuiteExpected)
Verify there are no inline policies granting iam:PassRole for * ... ok

----------------------------------------------------------------------
Ran 3 tests in 0.009s

OK

@ncc-erik-steringer
Owner Author

Resulting PMapper visualization:

(image: acct-tmp)
