Priority: P2 (Medium) · Security audit finding · area: agent / ops
StartPTY (go/internal/agent/pty.go) spawns the shell as whatever user launched mir-agent — there is no setuid/privilege drop (correct by design: the owner gets a shell as that user). The consequence: if mir-agent is run as root, a paired owner gets a root shell, and the whole machine is the blast radius.
The auth model is sound (only the pinned owner key reaches the shell — verified), so this is an operational hardening item, not a code defect.
Requests
1. Docs: add an explicit "run mir-agent as a dedicated low-privilege user, never root" note to README.md / SECURITY.md (under "The target machine" trust root).
2. Optional code (cheap, high-signal): log a prominent warning at startup when os.Geteuid() == 0, e.g. "mir-agent: running as root — a paired owner will get a root shell; run as a normal user unless you really mean this." (Warn, don't block — some users may intend it.)
Happy to send a small PR for (2) if the maintainer wants it.
Filed from a security audit; see also the companion PRs labeled security.
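A sketch of the optional startup warning requested above, as an added example that is not from the issue author or the mir-agent code base. The function name warnIfRoot, the "WARNING:" prefix and the handling of a negative UID are assumptions; the message text is the one proposed in the issue.

```go
package main

import (
	"fmt"
	"io"
	"os"
)

// rootWarning is the message text proposed in the issue.
const rootWarning = "mir-agent: running as root — a paired owner will get a root shell; " +
	"run as a normal user unless you really mean this."

// warnIfRoot (hypothetical name) writes a startup warning to w when the
// effective UID is 0 and reports whether the process is running as root.
// It only warns and never aborts startup, matching "warn, don't block".
// The euid is a parameter so the check can be tested without being root.
func warnIfRoot(euid int, w io.Writer) bool {
	switch {
	case euid == 0:
		fmt.Fprintln(w, "WARNING: "+rootWarning)
		return true
	case euid < 0:
		// os.Geteuid returns -1 on Windows, so an "== 0" test alone is
		// silently a no-op there. Say so instead of implying a pass.
		fmt.Fprintln(w, "mir-agent: effective UID unavailable on this platform; root check skipped")
		return false
	}
	return false
}

func main() {
	// Call once, before the agent starts accepting owner connections.
	warnIfRoot(os.Geteuid(), os.Stderr)
}
```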