A potential risk in fc-stable-diffusion can be used to escalate permission. #811
Comments
Hello, are there any updates?
@lowkeyrd Please check. Also, for Alibaba Cloud issues, it's better to report via the aliyun.com website.
I'm sorry for the inconvenience caused to you. I found this reporting method in the source code of the fc-stable-diffusion application. It said, "If you have feedback about errors or expectations for the future, you can give feedback and communicate in the Serverless Devs repo Issues." I'm very sorry again. If possible, could you help me find the correct way to report Alibaba Cloud issues?
https://fcnext.console.aliyun.com/self-service or join Dingding group 11721331.
Thank you for your help. I will report the issue through the Dingding group, and I would greatly appreciate it if you could help confirm the potential security issue here.
Hello! I found a potential risk in fc-stable-diffusion when I deployed it in the Alibaba Cloud Serverless Application Center. The service of the application has a role with excessive permissions. A malicious user can leverage the permissions of the aliyunfcserverlessdevsrole to escalate permission.
Detailed Analysis
After the application was deployed, it created a service named fc-stable-diffusion-plus. This service has two functions, sd and admin. Both inherit the role of the fc-stable-diffusion-plus service. This role, named aliyunfcserverlessdevsrole, is the default role the Serverless Application Center uses to create the resources of an application; it is an application role, not a service role. It is a role that every application in the application center uses during creation. It cannot be replaced; corresponding policies can only be added to it. Therefore, after many applications have been deployed, the permissions of this role will be very high. It should not be used as a service role by the services created by the applications. The service should use the default role for Function Compute, which is aliyunfcdefaultrole. So a malicious user who controls this function can escalate privilege by leveraging the excessive permissions of the aliyunfcserverlessdevsrole.
Attack Scenario
Assume the following attack scenario: in a company, there are two employees, Bob and Alice, and the company has an Alibaba Cloud account. The two employees are two RAM users in the account. Bob's RAM user only has the relevant permissions for Function Compute, while Alice's RAM user has administrator permissions. Alice has created the fc-llm-api application through the Serverless Application Center in the account. In that case, Bob can use the permissions related to Function Compute to obtain the AccessKeyID, AccessKeySecret, and SecurityToken of the role used by the service in fc-stable-diffusion-plus, thereby causing permission escalation.
Mitigation Discussion
The service should use the default role for Function Compute, not the default role for the Serverless Application Center. In other words, the service should use the aliyunfcdefaultrole, not the aliyunfcserverlessdevsrole.
Question
By the way, I sent an email to [email protected] according to your CONTRIBUTING.md, but it said the email doesn't exist. So I have to raise an issue to report this to you. I apologize for any inconvenience caused to you.
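As an added example, not part of the report above or of the fc-stable-diffusion project, the following script shows the check a cloud administrator would want after reading the mitigation: walk a list of Function Compute service descriptions and flag any service whose role is the Serverless Application Center deployment role (aliyunfcserverlessdevsrole) instead of a dedicated service role such as aliyunfcdefaultrole. The input format (a `serviceName` and a `role` ARN per service), the RAM role ARN shape `acs:ram::<account-id>:role/<role-name>`, and the sample services are assumptions constructed for the example; in practice the list would come from the account's service inventory.

```python
"""Audit Function Compute service descriptions for an over-privileged role.

Added example for the report above; not project code. Field names and the
ARN format are assumptions, and the sample data is constructed.
"""
import re
from typing import Dict, Iterable, List

# The application/deployment role the report says must not be attached to a
# running service. Matching is case-insensitive because console and API may
# render the role name with different capitalisation.
APPLICATION_ROLES = {"aliyunfcserverlessdevsrole"}

# The service role the report recommends instead.
RECOMMENDED_SERVICE_ROLE = "aliyunfcdefaultrole"

# Assumed RAM role ARN shape: acs:ram::<account-id>:role/<role-name>
_ROLE_ARN = re.compile(r"^acs:ram::(\d+):role/([^/]+)$")


def role_name_from_arn(arn: str) -> str:
    """Return the lower-cased role name from a RAM role ARN, or '' if it does not parse."""
    match = _ROLE_ARN.match(arn or "")
    return match.group(2).lower() if match else ""


def audit_services(services: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag every service whose role is a deployment/application role.

    Each entry is assumed to carry 'serviceName' and 'role' (the role ARN).
    Services with no role or an unparseable role are skipped, not flagged.
    """
    findings: List[Dict[str, str]] = []
    for svc in services:
        role = role_name_from_arn(svc.get("role", ""))
        if role in APPLICATION_ROLES:
            findings.append({
                "serviceName": svc.get("serviceName", "<unnamed>"),
                "role": role,
                "fix": f"replace with {RECOMMENDED_SERVICE_ROLE}",
            })
    return findings


# Constructed sample inventory: the first entry mirrors the misconfiguration
# described in the report, the others are fine or carry no role at all.
SAMPLE_SERVICES = [
    {"serviceName": "fc-stable-diffusion-plus",
     "role": "acs:ram::123456789012:role/AliyunFcServerlessDevsRole"},
    {"serviceName": "image-thumbnailer",
     "role": "acs:ram::123456789012:role/aliyunfcdefaultrole"},
    {"serviceName": "no-role-service", "role": ""},
]

if __name__ == "__main__":
    for finding in audit_services(SAMPLE_SERVICES):
        print(f"{finding['serviceName']}: uses {finding['role']} -> {finding['fix']}")
```

Running the script prints one line for fc-stable-diffusion-plus and nothing for the other two services. The audit only reports; changing the role is a deliberate administrative action, since the replacement role must still carry the policies the functions actually need.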