Description
Hello,
It seems like Jupyter server proxy does not stop one user to proxy to web application of another user running on the same host. If the web app does not have any authentication, any user can proxy to app of any other using just by knowing on which port the web app is running.
Reproducer:
We can reproduce it in container setup. Build a container with following Dockerfile
FROM debian:stable-slim
ARG DEBIAN_FRONTEND=noninteractive
# Install prerequisites
RUN apt-get update -y && apt-get install apt-utils -y && \
apt-get install vim \
git \
curl \
python3.9 \
python3-pip -y
# Install node
RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
apt-get install -y nodejs
# Add users
RUN useradd --shell /bin/bash --home-dir /home/user1 -p $(openssl passwd -1 user1) --create-home user1 && \
useradd --shell /bin/bash --home-dir /home/user2 -p $(openssl passwd -1 user2) --create-home user2
# Install Jupyterlab and jupyter server proxy
RUN pip install --no-cache-dir jupyterlab==3.5.0 jupyter_server_proxy==3.2.2 tensorboard==2.11.0
# Expose port
EXPOSE 8888
# Entrypoint
CMD ["bash"]
Now start a jupyterlab instance as user user1
docker run -p 9999:8888 --rm -it --name jsp_test jsp
root@b20fcea9b498:/# su - user1
user1@b20fcea9b498:~$ jupyter-lab --ip=0.0.0.0
Now open another shell as start a tensorboard instance as user2
docker exec -it jsp_test bash
root@b20fcea9b498:/# su - user2
user2@b20fcea9b498:~$ tensorboard --logdir /home/user2 --port 7001
Now if we go to http://localhost:9999/proxy/7001/, we can access the tensorboard instance of user2
Use case:
This can be a potential security issue on multi tenant systems like HPC platforms. This is a very common scenario in HPC environment that multiple users run their jupyterlab instances on the same host.
Potential Fix:
One straight-forward fix is to check if current user owns the process before proxying to the application. I have verified that on Linux and it works well. I am not quite sure if it works on Windows and Mac though.