openssl 1.1.1k incompatibilities #89
I'm not sure if this impacts Falco or its users, but I figured I'd call out that 1.0.2u may exhibit issues with the expiring Let's Encrypt root certificates (which happens tomorrow): https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/. Also 1.0.2u has several CVEs, which will make the new Falco image immediately show up as vulnerable. https://www.openssl.org/news/vulnerabilities.html
Thanks for reporting that! It is certainly something we need to take into consideration. Although not all OpenSSL CVEs may directly affect Falco (since not all OpenSSL features are used in sinsp) and its users, I generally agree with you. This is an unfortunate situation. Anyway, after a further investigation, we are opting to downgrade OpenSSL to 1.0.2u (which is still newer than the last one shipped with Falco, i.e., OpenSSL 1.0.2n) because we discovered several incompatibilities with the 1.1.x series which cannot be solved shortly. These incompatibilities can cause significant and more severe issues to Falco users. For sure, we have to address the OpenSSL upgrading issue soon after the upcoming release (Falco 0.30.0, it should come out tomorrow). We may also decide to release a patch version, eventually, without having to wait until Falco 0.31.0 in Jan.
Describe the bug
After upgrading openssl from 1.0.2n to 1.1.1k, a program freeze may occur when using the K8s client implementation provided by sinsp. I have encountered this problem while testing the latest (at the time of writing) Falco dev version 0.29.1-28+0eb170c, which comes with a driver version equal to 5727c45.

To reproduce the bug, I have used the helm chart with the following docker image (which includes Falco 0.29.1-28+0eb170c):

At the time of writing, it was tagged as falcosecurity/falco:master.

The problem occurs only when the k8s support is enabled and Falco is running in a container. Strangely, the bug does not occur when using Falco on the host directly.
How to reproduce it
Then Falco immediately freezes and no alerts are emitted.
Expected behaviour
No freeze.
Screenshots
Environment
- Falco version 0.29.1-28+0eb170c (driver version 5727c456ce22f3c1da8c3b1d7d6b6937a9b2126b)
- kind on my local machine
- Linux x86 5.14.8-arch1-1 #1 SMP PREEMPT Sun, 26 Sep 2021 19:36:15 +0000 x86_64 GNU/Linux
- helm
Additional context
The bug was introduced by 16c7aef
A working patch (i.e., downgrading openssl to the 1.0.x series) is available here: #90
This problem is blocking the Falco 0.30.0 release. We are working on a hotfix.