Closed
Labels: topic:security (Security issues)
Summary
An automated security scanner (aardvark/codex) opened 13 PRs (#337-#349) against the repository. After principal-engineer review, 11 were validated as legitimate findings and 2 were rejected (one as security theater, one as destructive). The original PRs were closed because of provenance issues; the validated fixes are being re-implemented cleanly in a single PR.
Validated Findings
| PR | Severity | Title | Status |
|---|---|---|---|
| #342 | Critical | L7 REST parser overread enables request smuggling | Implementing |
| #345 | Critical | OPA policy matches attacker-controlled cmdline paths | Implementing |
| #347 | Critical | Symlink following in read_write chown enables privilege escalation | Implementing |
| #338 | Critical | No application-layer auth in dual-auth/edge mode | Implementing |
| #337 | High | Missing process identity skips privilege dropping | Implementing |
| #339 | High | Forward proxy bypasses L7 method/path enforcement | Implementing |
| #340 | High | No validation on sandbox-discovered policy without baseline | Implementing |
| #341 | High | TLS secret volume readable by sandbox user (0644 default) | Implementing |
| #344 | High | Provider CRUD RPCs return plaintext credentials | Implementing |
| #346 | Low | drop_privileges no-op when process user unset (defense-in-depth, overlaps #337) | Implementing |
| #348 | Low | Server binds 0.0.0.0 by default (hardening) | Implementing |
Rejected Findings
| PR | Reason |
|---|---|
| #343 | Security theater: x-sandbox-id header is self-asserted with no cryptographic binding. Also breaks all existing callers since the sandbox client never sets the header. Needs redesign with per-sandbox certs or server-issued tokens. |
| #349 | Destructive: blocking AF_INET/AF_INET6 in proxy mode would break the proxy itself. Sandboxed processes must create inet sockets to reach the proxy at 10.200.0.1:3128. Network isolation is already enforced by the network namespace + iptables rules. |
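The #343 rejection turns on the difference between a self-asserted identifier and a server-issued credential. The following is an added illustration, not code from the repository or from any of the PRs: it contrasts a check that trusts an `x-sandbox-id` header verbatim (anyone who can send a request can claim any id) with a server-issued HMAC token that binds the sandbox id to a key only the server holds. The token format, the key handling and the helper names are assumptions made for this example; the page does not specify how such tokens would be designed.

```python
"""Self-asserted header vs server-issued token (illustrative, not project code)."""
import hashlib
import hmac
import secrets

# The set of sandbox ids the server currently considers valid (constructed sample).
KNOWN_SANDBOXES = {"sb-42", "sb-77"}


def self_asserted_check(headers: dict, known: set) -> bool:
    """The rejected pattern: trust whatever the client puts in x-sandbox-id.

    Nothing here ties the header to the sender, so a caller that knows or
    guesses a valid id passes. This is the 'security theater' the review
    describes, reproduced only to contrast it with the token check below.
    """
    return headers.get("x-sandbox-id") in known


def issue_token(server_key: bytes, sandbox_id: str) -> str:
    """Server side: mint a token binding sandbox_id to the server's secret key.

    Format (assumed for this example): "<sandbox_id>.<hex HMAC-SHA256>".
    Only the holder of server_key can produce a valid MAC for an id.
    """
    mac = hmac.new(server_key, sandbox_id.encode(), hashlib.sha256).hexdigest()
    return f"{sandbox_id}.{mac}"


def verify_token(server_key: bytes, token: str, known: set):
    """Server side: return the sandbox id if the token is authentic, else None.

    Splits on the last '.' so ids containing dots still parse, recomputes the
    MAC and compares in constant time, then checks the id is still known.
    """
    sandbox_id, sep, mac = token.rpartition(".")
    if not sep or not sandbox_id or not mac:
        return None
    expected = hmac.new(server_key, sandbox_id.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return sandbox_id if sandbox_id in known else None


def demo():
    """Show a forged header passing the weak check and failing the strong one."""
    server_key = secrets.token_bytes(32)  # generated per run; never shipped to sandboxes
    forged_headers = {"x-sandbox-id": "sb-42"}  # attacker-chosen, constructed sample
    results = {
        "self_asserted_accepts_forgery": self_asserted_check(forged_headers, KNOWN_SANDBOXES),
        "token_accepts_genuine": verify_token(
            server_key, issue_token(server_key, "sb-42"), KNOWN_SANDBOXES) == "sb-42",
        "token_rejects_forged_mac": verify_token(
            server_key, "sb-42.00ff00ff", KNOWN_SANDBOXES) is None,
        "token_rejects_wrong_key": verify_token(
            server_key, issue_token(b"some-other-key", "sb-42"), KNOWN_SANDBOXES) is None,
    }
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point the example makes is the one in the rejection note: the header check is not made stronger by comparing against a known list, because the value being compared is chosen by the sender; a server-issued token (or, as the note also suggests, a per-sandbox certificate) is what gives the id a binding the server can actually verify.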
Agent Diagnostic
All 13 PRs were reviewed using the review-security-issue skill with principal-engineer-reviewer sub-agents. Each finding was traced through the codebase to validate or refute the claimed vulnerability, assess severity, and evaluate the proposed fix.