feat(bench): Block destructive bench commands over SSH on production#543
Draft
regdocs wants to merge 1 commit into
Draft
feat(bench): Block destructive bench commands over SSH on production#543regdocs wants to merge 1 commit into
regdocs wants to merge 1 commit into
Conversation
Users with SSH access to a bench can run commands like `bench --site X drop-site` or `migrate` directly, desyncing the site's state with what Frappe Cloud believes it manages. The bench CLI is the natural chokepoint but is pinned and near-immutable in prod, so we can't patch it there. Instead, install a `bench` wrapper on the container that refuses a blocklist of state-mutating subcommands. The wrapper resolves the real bench via `command -v`, moves it aside to `bench.real`, and takes its place — wrapping whichever bench the shell runs regardless of PATH order, idempotent across redeploys. Blocking only kicks in when common_site_config marks the bench as Frappe Cloud, so it's inert elsewhere. The blocklist is sent by Press so it can change without rebuilding the image. This is a guardrail against accidents, not a security boundary: anyone with a shell can still call bench.real directly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Users with SSH access to a bench can run commands like
bench --site X drop-siteormigratedirectly, desyncing the site's state with what Frappe Cloud believes it manages. The bench CLI is the natural chokepoint but is pinned and near-immutable in prod, so we can't patch it there.Instead, install a
benchwrapper on the container that refuses a blocklist of state-mutating subcommands. The wrapper resolves the real bench viacommand -v, moves it aside tobench.real, and takes its place — wrapping whichever bench the shell runs regardless of PATH order, idempotent across redeploys. Blocking only kicks in when common_site_config marks the bench as Frappe Cloud, so it's inert elsewhere. The blocklist is sent by Press so it can change without rebuilding the image.This is a guardrail against accidents, not a security boundary: anyone with a shell can still call bench.real directly.