Security and Privacy
Antler only needs to run as root when working with Linux network namespaces, or executing System commands in CUE that require root. TODO update this section.
In general, there should be no need to run antler as root when running tests that don't need network namespaces. Likewise, antler commands that have no need for root access, such as init, list, vet and server, should not be run as root.
Running Antler in public networks carries some additional risks:
- Malicious clients may attempt to connect to test servers, possibly corrupting the results.
- Some test parameters may be intercepted by on-path attackers, possibly exposing information that should be kept private.
To protect test servers, HMAC may be set to true for any Tests that will be run on public networks. This makes it difficult for rogue clients to initiate unauthorized Tests, or to perform on-path manipulation of parameters or data sent from clients to servers. It does not, however, prevent sophisticated on-path replay attacks, which may be used to inject spurious results, although it's unclear what would motivate someone to perform such an attack.
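The guarantee described above, and its replay limitation, shown with a generic HMAC-SHA256 tag in Go. This is an added example, not Antler's code or wire format; the key, the packet layout and the names seal and open are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// seal returns payload followed by its HMAC-SHA256 tag (assumed layout,
// not Antler's wire format).
func seal(key, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(payload)
	return m.Sum(append([]byte{}, payload...))
}

// open checks the trailing tag in constant time and returns the payload.
func open(key, packet []byte) ([]byte, bool) {
	if len(packet) < sha256.Size {
		return nil, false
	}
	n := len(packet) - sha256.Size
	m := hmac.New(sha256.New, key)
	m.Write(packet[:n])
	if !hmac.Equal(m.Sum(nil), packet[n:]) {
		return nil, false
	}
	return packet[:n], true
}

func main() {
	key := []byte("constructed-shared-test-key")        // constructed sample key
	pkt := seal(key, []byte("flow=1 seq=7 len=1200")) // constructed sample packet
	_, ok := open(key, pkt)
	fmt.Println("genuine client accepted:", ok) // true

	rogue := seal([]byte("some-other-key"), []byte("flow=1 seq=7 len=1200"))
	_, ok = open(key, rogue)
	fmt.Println("client without the key accepted:", ok) // false

	tampered := append([]byte{}, pkt...)
	tampered[5] = '9' // a parameter changed in transit
	_, ok = open(key, tampered)
	fmt.Println("modified packet accepted:", ok) // false

	replay := append([]byte{}, pkt...) // byte-identical copy delivered again
	_, ok = open(key, replay)
	fmt.Println("replayed packet accepted:", ok) // true: the tag alone carries no freshness
}
```

The tag proves that a packet came from a holder of the key and was not altered, but a second delivery of the same bytes verifies exactly like the first, which is why results can still be affected by replay.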
Google Charts is used for visualizations. There are no currently known vulnerabilities in Charts, but if privacy is a concern, users should review Security and Privacy in Charts.