undefined | Better HN

0 pointsjonchurch_15d ago0 comments

I have not read that blog post. But unfortunately (and I'd love to be wrong!) it doesn't matter for if a repo admin's token gets exfiled, because if you put your gates within Github, an admin repo token is sufficient to defang all of them from the API without 2fa challenge.

That is why I want 2fa before publish at the registry, because with my gh cli token as a repo admin, an attacker can disable all the Github branch protection, rewrite my workflows, disable the required reviewers on environments (which is one method people use for 2fa for releases, have workflows run in a GH environment whcih requires approval and prevents self review), enable self review, etc etc.

Its what I call a "fox in the hen house" problem, where you have your security gates within the same trust model as you expect to get stolen (in this case, having repo admin token exfiled from my local machine)

0 comments

captn3m015d ago

https://docs.github.com/en/actions/how-tos/deploy/configure-... is the feature they use.

> We impose tag protection rules that prevent release tags from being created until a release deployment succeeds, with the release deployment itself being gated on a manual approval by at least one other team member. We also prevent the updating or deletion of tags, making them effectively immutable once created. On top of that we layer a branch restriction: release deployments may only be created against main, preventing an attacker from using an unrelated first-party branch to attempt to bypass our controls.

> https://astral.sh/blog/open-source-security-at-astral

From what I understand, you need a website login, and not a stolen API token to approve a deployment.

But I agree in principle - The registry should be able to enforce web-2fa. But the defaults can be safer as well.

jonchurch_OP15d ago

I tested approving a deployment via API last week w/ my gh cli token (well, had claude do it while I watched). Again, I really want to be wrong about this, but my testing showed that it is indeed trivial to use the default token from my gh cli to approve via API. (repo admin scope, which I have bc I am admin on said repo)

Nothing in this link [1] proves what I said, but it is the test repo I was just conducting this on, and it was an approval gated GHA job that I had claude approve using my GH cli token

I also had claude use the same token to first reconfigure the enviornment to enable self-approves (I had configured it off manually before testing). It also put it back to self approve disabled when it was done hehe

[1] https://github.com/jonchurch/deploy-env-test/actions/runs/25...

captn3m015d ago

You're right. Found the relevant docs+API calls:

https://docs.github.com/en/rest/actions/workflow-runs?apiVer...

Also for a Pending Deployment: https://docs.github.com/en/rest/actions/workflow-runs#review...

Both of these need `repo` scope, which you can avoid giving on org-level repos. For fine-grained tokens: "Deployments" repository permissions (write) is needed, which I wouldn't usually give to a token.

1 more reply

woodruffw14d ago

Exfiltrating an admin token is a big "if"; you shouldn't issue admin tokens at all, and GitHub does (at least for me) pop a proper MFA challenge when attempting to issue one.

(I wrote that Astral post.)

Edit: separately, I'll note that the risk of long-lived, highly privileged credentials is the primary motivating reason for Trusted Publishing: a developer's machine has (by necessity) a much higher degree of access than an ephemeral runner does, making it a much juicier target for an attacker. It also runs all kinds of stuff in a mostly unsandboxed manner, making it easier (in principle) to exploit. That's not to say there shouldn't be additional guards on publishing, but that I'm not remotely convinced that local publishing is any better by default.

j / k navigate · click thread line to collapse

0 comments

captn3m015d ago

https://docs.github.com/en/actions/how-tos/deploy/configure-... is the feature they use.

> https://astral.sh/blog/open-source-security-at-astral

From what I understand, you need a website login, and not a stolen API token to approve a deployment.

But I agree in principle - The registry should be able to enforce web-2fa. But the defaults can be safer as well.

jonchurch_OP15d ago

Nothing in this link [1] proves what I said, but it is the test repo I was just conducting this on, and it was an approval gated GHA job that I had claude approve using my GH cli token

[1] https://github.com/jonchurch/deploy-env-test/actions/runs/25...

captn3m015d ago

You're right. Found the relevant docs+API calls:

https://docs.github.com/en/rest/actions/workflow-runs?apiVer...

Also for a Pending Deployment: https://docs.github.com/en/rest/actions/workflow-runs#review...

1 more reply

woodruffw14d ago

Exfiltrating an admin token is a big "if"; you shouldn't issue admin tokens at all, and GitHub does (at least for me) pop a proper MFA challenge when attempting to issue one.

(I wrote that Astral post.)

j / k navigate · click thread line to collapse