TS-2026-009: Insecure argument handling in Tailscale SSH permitted root access
TS-2026-009: Tailscale SSH 中的不安全参数处理导致 root 权限泄露
Description: Insecure command line argument handling in Tailscale SSH permitted root user access in violation of ACLs. 描述:Tailscale SSH 中不安全的命令行参数处理导致了违反 ACL(访问控制列表)的 root 用户访问权限。
What happened? Tailscale SSH previously accepted usernames that contained a leading - character. On Linux platforms these usernames were passed as arguments to getent(1) to retrieve the corresponding passwd entry, where they were interpreted as flags permitting attacker-controlled behavior. Specifically, if a user connected with the username -i this would have been interpreted as --no-idn and getent would have printed the entire passwd file contents starting with the root user, causing Tailscale to open an interactive root session. Tailscale SSH now rejects usernames with leading dashes. This vulnerability is fixed in Tailscale version 1.98.9 or newer.
发生了什么? Tailscale SSH 之前接受以 - 字符开头的用户名。在 Linux 平台上,这些用户名被作为参数传递给 getent(1) 以检索相应的 passwd 条目,并被解释为标志,从而允许攻击者控制行为。具体来说,如果用户使用用户名 -i 连接,它会被解释为 --no-idn,getent 会打印出从 root 用户开始的整个 passwd 文件内容,导致 Tailscale 开启一个交互式的 root 会话。Tailscale SSH 现在拒绝以连字符开头的用户名。此漏洞已在 Tailscale 1.98.9 或更高版本中修复。
What was the impact? A user with SSH access to a Linux node would have been able to obtain a root session by connecting with the username -i, in violation of ACL policy.
影响是什么? 拥有 Linux 节点 SSH 访问权限的用户可以通过使用用户名 -i 连接来获取 root 会话,这违反了 ACL 策略。
Who was affected? Users of Tailscale SSH on Linux hosts that rely on autogroup:nonroot user restrictions in Tailscale ACLs.
受影响人群: 在 Linux 主机上使用 Tailscale SSH 且依赖 Tailscale ACL 中 autogroup:nonroot 用户限制的用户。
What do I need to do? If you use Tailscale SSH, upgrade to Tailscale version 1.98.9 or newer. 我该怎么做? 如果您使用 Tailscale SSH,请升级到 Tailscale 1.98.9 或更高版本。
Credits: We would like to thank Anthropic and Ada Logics for reporting this issue. 致谢: 我们感谢 Anthropic 和 Ada Logics 报告此问题。
Description: A single malformed HTTP request to a node running Tailscale Serve or Funnel could pin a CPU core indefinitely, causing denial of service. 描述:向运行 Tailscale Serve 或 Funnel 的节点发送单个格式错误的 HTTP 请求可能会无限期占用一个 CPU 核心,从而导致拒绝服务。
What happened? Tailscale Serve and Tailscale Funnel proxy incoming HTTP requests to local backends by matching the request path against the configured mount points. When resolving the handler for a request, Tailscale walked the request path upward one directory at a time, expecting the walk to eventually terminate at the root path /. For requests whose path did not begin with /, this walk never reached / and never matched a mount point, causing the loop to spin forever. As the server enforced no request timeout, nothing interrupted the spin, and the goroutine held one core at 100% for the life of the process. Tailscale now terminates the path walk for non-absolute paths, returning no handler and closing the request. This vulnerability is fixed in Tailscale version 1.98.9 or newer.
发生了什么? Tailscale Serve 和 Tailscale Funnel 通过将请求路径与配置的挂载点进行匹配,将传入的 HTTP 请求代理到本地后端。在解析请求的处理程序时,Tailscale 会逐级向上遍历请求路径,期望遍历最终在根路径 / 处终止。对于路径不是以 / 开头的请求,此遍历永远无法到达 /,也无法匹配到挂载点,导致循环无限运行。由于服务器没有强制执行请求超时,没有任何机制中断该循环,goroutine 会在进程生命周期内将一个 CPU 核心占用率保持在 100%。Tailscale 现在会终止非绝对路径的路径遍历,返回无处理程序并关闭请求。此漏洞已在 Tailscale 1.98.9 或更高版本中修复。
What was the impact? An attacker could send a crafted HTTP request to permanently consume one CPU core on the target node. For Tailscale Serve, the request could originate from any peer on the tailnet with access to the node. For Tailscale Funnel, the request could originate from any unauthenticated host on the internet. 影响是什么? 攻击者可以发送精心构造的 HTTP 请求,永久占用目标节点上的一个 CPU 核心。对于 Tailscale Serve,请求可以来自 tailnet 中任何有权访问该节点的对等点。对于 Tailscale Funnel,请求可以来自互联网上任何未经身份验证的主机。
Who was affected? Nodes running Tailscale Serve or Tailscale Funnel on versions prior to 1.98.9. 受影响人群: 运行 1.98.9 之前版本的 Tailscale Serve 或 Tailscale Funnel 的节点。
What do I need to do? If you run Tailscale Serve or Tailscale Funnel, upgrade to Tailscale version 1.98.9 or newer. 我该怎么做? 如果您运行 Tailscale Serve 或 Tailscale Funnel,请升级到 Tailscale 1.98.9 或更高版本。
Description: Insufficient inbound packet filtering in Services permitted access to loopback-bound listeners. 描述:Services 中入站数据包过滤不足,允许访问绑定到回环接口(loopback)的监听器。
What happened? Tailscale Services are virtual tailnet destinations that can be hosted from one or more nodes on your tailnet. They allow you to manage networked resources such as databases separately from the nodes that back them. In Tailscale versions prior to 1.98.9, nodes advertising services could accept inbound traffic to service IPs on ports that they did not advertise. In these scenarios Tailscale would forward these packets to any process on the host loopback interface listening on the same port, allowing them to be accessed remotely. Tailscale now filters and rejects these packets with the appropriate TCP RST response when no corresponding handler exists for the service port. This vulnerability is fixed in Tailscale version 1.98.9 or newer. 发生了什么? Tailscale Services 是虚拟的 tailnet 目的地,可以由您 tailnet 上的一个或多个节点托管。它们允许您将数据库等网络资源与支持它们的节点分开管理。在 1.98.9 之前的 Tailscale 版本中,发布服务的节点可能会接受发往其未发布端口的服务 IP 的入站流量。在这种情况下,Tailscale 会将这些数据包转发给主机回环接口上监听同一端口的任何进程,从而允许远程访问它们。当服务端口没有相应的处理程序时,Tailscale 现在会过滤并拒绝这些数据包,并返回适当的 TCP RST 响应。此漏洞已在 Tailscale 1.98.9 或更高版本中修复。
What was the impact? A user with ACL grants to a Tailscale Service could address it on non-advertised ports and reach processes listening on loopback on the node hosting the service. 影响是什么? 拥有 Tailscale Service ACL 授权的用户可以在未发布的端口上寻址该服务,并访问托管该服务的节点上监听回环接口的进程。
Who was affected? Users of Tailscale Services that rely on loopback-only network access restrictions on the nodes they use to host services. 受影响人群: 在托管服务的节点上依赖仅限回环接口网络访问限制的 Tailscale Services 用户。
What do I need to do? If you host Tailscale Services on nodes alongside processes bound to loopback, upgrade to Tailscale version 1.98.9 or newer. 我该怎么做? 如果您在绑定到回环接口的进程所在的节点上托管 Tailscale Services,请升级到 Tailscale 1.98.9 或更高版本。
Description: Tailscale SSH allowed users to be addressed by numeric UID, bypassing root user restrictions in ACLs. 描述:Tailscale SSH 允许通过数字 UID 寻址用户,从而绕过 ACL 中的 root 用户限制。
What happened? Tailscale SSH previously allowed users to be addressed by their username or UID value, however the root user restrictions in ACL enforcement only considered the former. A user with non-root SSH access who addressed 0@host would have been able to access root in violation of ACLs. Tailscale now disallows the use of UIDs or numeric-only usernames via SSH to avoid this ambiguity. This vulnerability is fixed in Tailscale version 1.98.9 or newer.
发生了什么? Tailscale SSH 之前允许通过用户名或 UID 值来寻址用户,但 ACL 执行中的 root 用户限制仅考虑了前者。拥有非 root SSH 访问权限的用户如果寻址 0@host,将能够以违反 ACL 的方式访问 root。Tailscale 现在禁止通过 SSH 使用 UID 或纯数字用户名,以避免这种歧义。此漏洞已在 Tailscale 1.98.9 或更高版本中修复。
What was the impact? A user with SSH access to a node would have been able to SSH as root using the username 0 in violation of ACL policy.
影响是什么? 拥有节点 SSH 访问权限的用户能够使用用户名 0 以 root 身份进行 SSH 连接,这违反了 ACL 策略。
Who was affected? Users of Tailscale SSH on Linux/Unix hosts that rely on autogroup:nonroot user restrictions in Tailscale ACLs.
受影响人群: 在 Linux/Unix 主机上使用 Tailscale SSH 且依赖 Tailscale ACL 中 autogroup:nonroot 用户限制的用户。
What do I need to do? If you use Tailscale SSH, upgrade to Tailscale version 1.98.9 or newer. 我该怎么做? 如果您使用 Tailscale SSH,请升级到 Tailscale 1.98.9 或更高版本。
Description: Tailscale Serve Unix socket proxy targets were not restricted to root, allowing a non-root operator to proxy privileged sockets. 描述:Tailscale Serve Unix 套接字代理目标未限制为 root 用户,允许非 root 操作员代理特权套接字。
What happened? Tailscale Serve can proxy incoming connections to local backends, including Unix domain sockets configured as proxy targets (for example, proxy: unix:/var/run/docker.sock). A non-root local user configured as the Tailscale operator can write Serve configuration through the LocalAPI. Tailscale restricts the ability to specify filesystem paths as Serve targets to the root user to prevent privilege escalations, however this check did not cover Unix socket proxy targets. A non-root operator could therefore have the tailscaled process running as root proxy to a privileged Unix socket, bypassing the filesystem permissions that would otherwise deny them access. Tailscale now…
发生了什么? Tailscale Serve 可以将传入连接代理到本地后端,包括配置为代理目标的 Unix 域套接字(例如 proxy: unix:/var/run/docker.sock)。配置为 Tailscale 操作员的非 root 本地用户可以通过 LocalAPI 编写 Serve 配置。Tailscale 将指定文件系统路径作为 Serve 目标的权限限制为 root 用户,以防止权限提升,但此检查未涵盖 Unix 套接字代理目标。因此,非 root 操作员可以使以 root 身份运行的 tailscaled 进程代理到特权 Unix 套接字,从而绕过本应拒绝其访问的文件系统权限。Tailscale 现在……