Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

session.command event hits a ConditionalCheckFailedException on dynamoevents #40126

Closed
espadolini opened this issue Apr 2, 2024 · 3 comments · Fixed by #40854
Closed

session.command event hits a ConditionalCheckFailedException on dynamoevents #40126

espadolini opened this issue Apr 2, 2024 · 3 comments · Fixed by #40854
Assignees
@gabrielcorado
Labels
audit-log Issues related to Teleports Audit Log bug c-ib Internal Customer Reference internal-bounty-ineligible sec-sev-medium Security Vulnerability - Medium Severity sec-type-audit Security Vulnerability - Audit Log Bypass security Security Issues

Comments

@espadolini
Copy link
Contributor

Expected behavior:
session.command events are stored in the audit log even when using the DynamoDB events backend.

Current behavior:
sesssion.command events fail to get stored, reporting a ConditionalCheckFailedException error from DynamoDB.

Bug details:
All session.command events are emitted with the session ID of the session they belong to, and an event index of 0. DynamoDB uses (session ID, event index) as a primary key for the event, so prior to #38495 each session.command event overwrote the initial session.start event at first, and then all the other session.commands that took its place; now we refuse to overwrite events, rejecting the event and storing an error.

A similar issue exists for a different event (#39833), suggesting that perhaps we should fix the problem in a more general way rather than chase individual instances of event indexes not being set correctly for a session event.

  • Teleport version: 15.2.0, but it's likely that we've only just noticed now that we're logging errors rather than overwriting.
@espadolini espadolini added the bug label Apr 2, 2024
@espadolini espadolini added the c-ib Internal Customer Reference label Apr 2, 2024
@jentfoo jentfoo added audit-log Issues related to Teleports Audit Log sec-type-audit Security Vulnerability - Audit Log Bypass sec-sev-medium Security Vulnerability - Medium Severity labels Apr 2, 2024
@andreyzhelnin-st

This comment was marked as resolved.

Sign in to view
@espadolini

This comment was marked as resolved.

Sign in to view
@andreyzhelnin-st

This comment was marked as resolved.

Sign in to view
@gabrielcorado gabrielcorado mentioned this issue Apr 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gabrielcorado gabrielcorado

Labels
audit-log Issues related to Teleports Audit Log bug c-ib Internal Customer Reference internal-bounty-ineligible sec-sev-medium Security Vulnerability - Medium Severity sec-type-audit Security Vulnerability - Audit Log Bypass security Security Issues
Projects
None yet
Milestone
No milestone
4 participants
@espadolini @jentfoo @gabrielcorado @andreyzhelnin-st