| ▲ | TS-2026-009: Insecure argument handling in Tailscale SSH permitted root access(tailscale.com) |
| 89 points by jervant 4 hours ago | 38 comments |
| |
|
| ▲ | tptacek 4 hours ago | parent | next [-] |
| This is such a venerable and ancient class of bugs, going at least as far back as AIX 3. Glad to see they're still makin' 'em like they used to. (If you had SSH access to a host in your Tailscale ACL, you could log in as `-i` and get a root login.) |
| |
| ▲ | RossBencina 2 hours ago | parent | next [-] | | I'm somewhat alarmed that the context that this bug was running in was capable of root login. Is there a reason that an SSH login process would, by default, have enough capabilities to facilitate direct root login? | | |
| ▲ | yjftsjthsd-h 2 hours ago | parent [-] | | If it runs as your user and can only log in as you, then I wouldn't expect it to be able to become root. But if it can log you in as different users, I would expect that 1. it needs to run from root, and 2. it can log in as root. |
| |
| ▲ | iririririr 3 hours ago | parent | prev [-] | | you can also add parameters to env vars in some popular cloud providers for the same effect. |
|
|
| ▲ | doublepg23 3 hours ago | parent | prev | next [-] |
| I’m a heavy Tailscale user, so I do trust them quite a bit, but I never used the Tailscale SSH feature.
I feel like OpenSSH’s security record is pretty unbeatable, not sure why I’d swap over for such a security-sensitive tool. |
| |
| ▲ | bakies 3 hours ago | parent | next [-] | | Yeah pretty much just use tailscale as a vpn.. do one thing as they say. | |
| ▲ | jdiff 3 hours ago | parent | prev | next [-] | | I've used it before to access my tailnet machines through a browser on a machine I can't download software on. | |
| ▲ | dgacmu 3 hours ago | parent | prev | next [-] | | I used it for a bunch of remote monitor boxes to have a way of centrally managing ssh access to things that were often on- and off-line. It was simple and convenient and access was easily revocable. | |
| ▲ | isatty 3 hours ago | parent | prev [-] | | Convenience for the most part but in general, I agree. I like having it as an option. |
|
|
| ▲ | drnick1 2 hours ago | parent | prev | next [-] |
| I'll stick to my 100% self-hosted Wireguard setup, thank you very much. |
| |
| ▲ | m_mueller an hour ago | parent | next [-] | | Why not tailscale plus head scale for self hosting? | |
| ▲ | doctorpangloss 32 minutes ago | parent | prev [-] | | haha self hosted wireguard, an opportunity to find out AllowedIPs: 0.0.0.0/0 does the opposite of what you think it will do |
|
|
| ▲ | e40 4 hours ago | parent | prev | next [-] |
| So, giving access via tailscale but using OpenSSH is safe, right? |
| |
| ▲ | lugoues 4 hours ago | parent | next [-] | | Yes, this only involves their wrapper that is managed by ACL rules. | |
| ▲ | iririririr 3 hours ago | parent | prev [-] | | as much as handing control to a remote third part is, yes. | | |
| ▲ | cevn an hour ago | parent [-] | | Good point. I self host headscale but it also has the ssh feature, probably also insecure. |
|
|
|
| ▲ | mintflow an hour ago | parent | prev | next [-] |
| >>> We would like to thank Anthropic and Ada Logics for reporting this issue. it seems anthropic also use tailscale or it's just being discovered by the mythos model? |
| |
| ▲ | tristanj 12 minutes ago | parent [-] | | I presume Ada Logics has access to Anthropic's Mythos model via Project Glasswing, and Ada Logics discovered this exploit during their vulnerability research. |
|
|
| ▲ | mintflow an hour ago | parent | prev | next [-] |
| pure logic error, the undergoing tailscale rust rewrite can't help this too:) |
| |
| ▲ | mintflow an hour ago | parent [-] | | that said, the limit impact perhaps is only affected multiple users in tailnet if the ACL is not configure correctly As single tailnet+single user, perhaps it's just okay |
|
|
| ▲ | modeless 3 hours ago | parent | prev | next [-] |
| Tailscale SSH has caused me other problems in the past because it takes over port 22. I'm not a fan. |
| |
|
| ▲ | luciana1u 2 hours ago | parent | prev | next [-] |
| tailscale ssh: replacing a 25-year-old battle-tested codebase with a startup's Go rewrite and then acting surprised when it has bugs |
|
| ▲ | kbumsik 4 hours ago | parent | prev | next [-] |
| Why own numbering instead of CVE? |
| |
| ▲ | wereHamster 25 minutes ago | parent | next [-] | | Some reasons why an org might want to become their own CNA: https://daniel.haxx.se/blog/2024/01/16/curl-is-a-cna/ | |
| ▲ | vngzs 3 hours ago | parent | prev [-] | | It lets organizations (Tailscale) control the timing and narrative around the disclosure more directly. Organizations sometimes avoid the bureaucracy of going through CVE Numbering Authorities by self-publishing. Often a CVE assignment follows self-disclosure, especially when there's pressure to interoperate with vuln-scanning/compliance tooling | | |
| ▲ | bigfatkitten 3 hours ago | parent [-] | | And sometimes it’s just impossible to get a CVE number in a reasonable amount of time, or indeed at all. |
|
|
|
| ▲ | farfatched 31 minutes ago | parent | prev | next [-] |
| Sadly, yet another path to root via Tailscale. If their scope grows, and they run so much as root, it won't be their last. |
|
| ▲ | cyberax 3 hours ago | parent | prev [-] |
| > "Tailscale SSH now rejects usernames with leading dashes." Really? That's the fix? A proper fix is to use "--" to separate arguments. |
| |
| ▲ | catlifeonmars 27 minutes ago | parent | next [-] | | “--“ doesn’t work on all versions of getent. A better fix is to call “getent passwd” with no user controlled arguments and then parse the resulting list. This gets rid of the input sanitization problem entirely. | |
| ▲ | valleyer 3 hours ago | parent | prev | next [-] | | A proper fix is not to shell out to a command at all; use getpwnam(3) or similar. | |
| ▲ | sedatk 3 hours ago | parent | prev [-] | | Their fix just future-proofs it in case the same bug gets reintroduced. | | |
| ▲ | turbert 2 hours ago | parent | next [-] | | A correct implementation would be to just call glibc directly, this seems like a hasty fix to get the patch out the door. The history of vulns from bad shell escaping is as old as bash, whenever possible you probably shouldn't be mixing code and data, especially in a security critical application like this. | | |
| ▲ | raggi an hour ago | parent [-] | | The fact that there is no portable way to link the relevant functions that works reliably across all distributions of Linux is a failure of POSIX and GNU, and unfortunately is largely the Linux distribution story in a nutshell. Your answer is mostly correct, except that when you tug on that thread the shelf comes off the wall, the plaster comes with it, and then it cracks the water pipes on the way to the floor. |
| |
| ▲ | cyberax 3 hours ago | parent | prev [-] | | This is just a dirty fix. It adds weird restrictions and masks issues. Refactoring external invocations to use safe argument handling is a better way to fix it. Along with tests that exercise weird names. | | |
| ▲ | raggi an hour ago | parent | next [-] | | http://github.com/tailscale/tailscale/commit/e4144230f410204... | |
| ▲ | sedatk 3 hours ago | parent | prev [-] | | I argue the opposite: there’s no better fix for this. You can write the most elegant fix, whatever it is, and prevent that from happening only on the codebase that’s fixed. That doesn’t mean that the codebase will always be the only authority on authentication. The username policy fixes this issue for good, regardless of whatever you write in the future, or whatever new mechanism is introduced. It’s a restriction for sure, but it’s not a nonsense restriction? Who would have a username starting with a hyphen? I didn’t even know it was possible until today. | | |
| ▲ | turbert 2 hours ago | parent [-] | | > I argue the opposite: there’s no better fix for this The better fix would be to not have the username pass through a parser looking for cli flags in the first place. |
|
|
|
|