GCP AI Notebooks Vulnerability - Remediation

This is an update to my previous blog post which documented a mechanism for GCP Org Policy Bypass using custom metadata on compute instances.

Kat Traxler on GCP and Hacking

Bypassing GCP Org Policy with Custom Metadata

TLDR;
Google makes use of custom metadata to authorize access to AI Notebooks and their web UIs.
Individuals granted access via custom metadata need not have any IAM permissions on the compute instance or on the service account running the Notebook, or even be a member of the Organization. Authorization via custom metadata bypasses a specific Organization Policy Constraint which restricts cross-domain resource sharing.
This vulnerability was awarded $1337.00 by the Google VRP Review Panel.

Kat Traxler on GCP and Hacking

GCP .actAs d-day > How not to remediate

On January 27, 2021 a major, potentially breaking change is coming to GCP. If you’re using the default service account as the backing identity for several of GCP’s data science PaaS services, the end user will be required to have the .actAs permission on the default service account.

Kat Traxler on GCP, IAM, and 101

GCP Roles and Permissions 101

It's ultimately Cloud IAM Permissions which grant access to resources. However, in GCP you do not and cannot assign individual permissions to an Identity. Instead, permissions are grouped together to form Roles. It's the Role, not the permission, that is granted to an Identity.
Sometimes a Role will only contain a single permission; other times it will contain hundreds of permissions so that the Role can enable some broader functionality.

Kat Traxler on GCP, IAM, and 101

GCP Users and Group 101

Users and Groups are two types of identities which can be assigned IAM Roles in GCP. When Users and Groups are members in IAM Policy, they are referenced by their email addresses.

Kat Traxler on GCP, IAM, and 101

GCP Service Account 101

Service Accounts are non-human identities used for Infrastructure and Resources. Service Accounts do not have passwords. You can optionally generate and export a Private Key for a Service Account, but you'll only want to do this when you need to enable an external integration, that is, authenticated API calls to your Resources.

Kat Traxler on GCP, IAM, and 101

GCP Resource Hierarchy 101

Resources in Google Cloud are organized into a hierarchy, with each level or node of this structure being called a Resource. At the top of the hierarchy is the Organization, followed by any number of nested Folders which then house Projects. At the lowest level of the hierarchy are the widgets that compose a GCP Project, things like a Pub/Sub topic, a Cloud Compute instance or a Cloud Storage Bucket.

Kat Traxler on GCP, IAM, and 101

GCP IAM Policy 101

GCP's model for managing access to resources has three main parts: Who, What Role, and the Resource.

Kat Traxler on GCP, IAM, and 101