Fixes for the security audit #29

Closed
wants to merge 2 commits into from

luckychess
Contributor

Update covers:

  • Dockerfile runs sscd as an unprivileged user
  • Bump several go.mod dependencies

@@ -1,25 +1,25 @@
module github.com/sagaxyz/ssc

go 1.22.2
go 1.22.7
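
Review bot: the `go` directive change from 1.22.2 to 1.22.7 needs a matching toolchain everywhere the module is built. Since Go 1.21 this line is an enforced minimum, so the builder image behind `build-env` in the Dockerfile and any CI job must be on Go 1.22.7 or later; otherwise the build fails or fetches a newer toolchain at build time, depending on GOTOOLCHAIN. Pin the same version in both places and state in the description which audit finding the bump closes.
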
Contributor

This should be consistent with the Dockerfile. Why have two different ones?

@@ -18,6 +18,10 @@ COPY --from=build-env /root/build/sscd /usr/bin/

RUN apk add gcompat bash curl

RUN addgroup -S sscd && adduser -S sscd -G sscd
USER sscd
WORKDIR /home/sscd
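
Review bot: `adduser -S sscd -G sscd` leaves the UID and GID to whatever the base image assigns next, so ownership of files on mounted volumes is not predictable across image rebuilds. Pass explicit ids, for example `addgroup -S -g <gid> sscd && adduser -S -u <uid> -G sscd sscd`, and document them. Also, with `USER sscd` and `WORKDIR /home/sscd` the process home moves to /home/sscd, so state written under the previous user's home is no longer found and would not be readable by the new user; the change needs a migration step or an explicit data-directory setting before it ships.
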
Contributor

Wait, this is a breaking change and will require a migration. Is it worth it? If so, we will need to update the guides and everywhere we are using Docker. Basically, current validators running as root have all the files under /root/.ssc. If you change the home, that directory will be empty.

Contributor Author

Yep, it's not worth doing now, so I closed this PR; we have more than enough to do without it.

@emanuelconunaemme
Contributor

I realized after that this was closed. Just making sure you are not merging the same changes elsewhere.
