Vitess security audit: PRESENTS Vitess security audit. In collaboration with the Vitess maintainers, Open Source Technology Improvement Fund and The Linux Foundation. Authors: Adam Korczynski, David Korczynski. Date: June 5, 2023. This report is licensed under Creative Commons 4.0 (CC BY 4.0). Vitess Security Audit, 2023. Table of contents: Table of contents 1; Executive summary 2; Notable findings 3; Project found 16; SLSA review 38; Conclusions 40. Executive summary: In March and April 2023, Ada Logics carried out a security audit of Vitess. The primary focus of the audit was ... (41 pages, 1.10 MB, 1 year ago)
The Vitess 7.0 Documentation: ... 62; 4 Transport Security Model ... which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: 14 • It enables tablets to coordinate ... combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create ... (254 pages, 949.63 KB, 1 year ago)
The Vitess 8.0 Documentation: ... 81; Transport Security Model ... which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among ... combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create ... (331 pages, 1.35 MB, 1 year ago)
The Vitess 11.0 Documentation: ... 134; Transport Security Model ... which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among ... combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create ... (481 pages, 3.14 MB, 1 year ago)
The Vitess 10.0 Documentation: ... 123; Transport Security Model ... which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among ... combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create ... (455 pages, 3.07 MB, 1 year ago)
The Vitess 9.0 Documentation: ... 112; Transport Security Model ... which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among ... combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify master and replica databases, create ... (417 pages, 2.96 MB, 1 year ago)
The Vitess 12.0 Documentation: ... 158; 9 Transport Security Model ... which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among ... combination with vtctld). Using client-server is recommended, as it provides an additional layer of security when using the client remotely. Using vtctl, you can identify primary and replica databases, create ... (534 pages, 3.32 MB, 1 year ago)
The Vitess 6.0 Documentation: ... 59; Transport Security Model ... which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among ... their underlying MySQL instances. vtworker: vtworker hosts long-running processes. It supports a plugin architecture and offers libraries so that you can easily choose tablets to use. Plugins are available ... (210 pages, 846.79 KB, 1 year ago)
The Vitess 5.0 Documentation: ... 66; Transport Security Model ... which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among ... their underlying MySQL instances. vtworker: vtworker hosts long-running processes. It supports a plugin architecture and offers libraries so that you can easily choose tablets to use. Plugins are available ... (206 pages, 875.06 KB, 1 year ago)
Pentest-Report Vitess 02.2019: ... for horizontal scaling of MySQL" From https://vitess.io/ This report documents the results of a security assessment targeting the Vitess software database scaler. Funded by the CNCF / The Linux Foundation ... may suggest some kind of test limitations, they in fact prove that the Vitess team delivers on the security promises they make. In Cure53's view, there is a clear intention and follow-through on providing ... the test was dedicated to classic penetration testing. At this stage, it was verified whether the security promises made by Vitess in fact hold against real-life attack situations and malicious adversaries ... (9 pages, 155.02 KB, 1 year ago)