First of all, thank you very much for this awesome software. For me it is the best open-source software developed in this area in recent years. Extending it with your own nodes is easy, and it is fun to work with n8n. It raises the productivity level enormously.
I am using the official Docker image of n8n and have the problem that the user of a workflow can read configuration files like /etc/passwd using the Binary Reader node. I realize that it is "only" a Docker container. However, the problem exists to the same extent on a VM when I run the software as the root user. On the VM, I can set up an unprivileged user and run n8n with pm2. It would be nice to have the n8n processes in the Docker container running as an unprivileged user as well. And yes, I could create my own Docker image, but maybe I'm just a lazy programmer.
Using the Exec node, I can also read all the environment variables and thus have the ability to read the MySQL credentials, use them with the MySQL node and read tables. The N8N_ENCRYPTION_KEY key is also readable. A clever attacker would be able to decrypt the credentials and would have all the secrets of various SaaS providers in his hands, or he could just delete or truncate the table via a workflow. An .env file can also be read. In the case of a VM, this could possibly be handled through appropriate file system permissions. In the case of a Docker container, the container secrets could be handled via HashiCorp Vault or via Kubernetes secrets.
I know you can disable nodes, but to run Ansible or Terraform, for example, you need corresponding Ansible or Terraform nodes if you disable the Exec node.
I'm thinking of just disabling the UI in production and handling everything through the REST API, which could be secured using a proxy. RBAC integration in the UI would be nice, but would certainly require a bunch of effort. If working alone with n8n, Basic Auth is certainly not a problem, but enterprise customers will certainly expect integration with their AD, LDAP or whatever to authenticate and authorize users appropriately.
And yes, I read the security section in the docs.
My request: provide a Docker image that you can run with an unprivileged user if needed. You can find something similar with Nginx.
My question: How do you deal with these security issues?
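As an added example (not from the post author or the n8n project), here is how the three mitigations mentioned above can be combined when the official image is deployed on Kubernetes: the pod is forced to run as an unprivileged uid, the Exec and Binary Reader nodes are excluded, and the encryption key and database password come from a Kubernetes Secret instead of a .env file. It assumes the official image's `node` user (uid 1000, home `/home/node`), a Secret named `n8n-secrets` and a PVC named `n8n-data`; the `NODES_EXCLUDE`, `N8N_ENCRYPTION_KEY` and `DB_MYSQLDB_PASSWORD` variables are n8n's own settings.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: n8n
spec:
  replicas: 1
  selector:
    matchLabels: {app: n8n}
  template:
    metadata:
      labels: {app: n8n}
    spec:
      # Pod-level: refuse to start as root, run as the image's unprivileged
      # 'node' user (uid/gid 1000 assumed) so workflows cannot read root-only files.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      containers:
      - name: n8n
        image: n8nio/n8n:<pinned-version>   # placeholder: pin a real tag
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        env:
        # Remove the nodes that give workflow authors shell and file access.
        - name: NODES_EXCLUDE
          value: '["n8n-nodes-base.executeCommand","n8n-nodes-base.readBinaryFile"]'
        # Secrets are injected from a Kubernetes Secret, not baked into the image.
        - name: N8N_ENCRYPTION_KEY
          valueFrom:
            secretKeyRef: {name: n8n-secrets, key: encryptionKey}
        - name: DB_TYPE
          value: mysqldb
        - name: DB_MYSQLDB_PASSWORD
          valueFrom:
            secretKeyRef: {name: n8n-secrets, key: mysqlPassword}
        volumeMounts:
        - name: data
          mountPath: /home/node/.n8n   # the only writable path besides /tmp
        - name: tmp
          mountPath: /tmp
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: n8n-data
      - name: tmp
        emptyDir: {}
```

Note that a value injected through `secretKeyRef` still ends up in the process environment, so it remains readable by any node that can run commands; the Secret only keeps it out of the image and out of files on disk, which is why it is paired with `NODES_EXCLUDE` here.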