Skip to content

Security: sudachen-forks/MCPtrace

Security

SECURITY.md

Security Considerations for MCPtrace

⚠️ WARNING: This MCP server executes system-level tracing commands with elevated privileges. Proper security configuration is CRITICAL.

Overview

MCPtrace provides AI assistants with access to powerful Linux kernel tracing capabilities through bpftrace. This requires careful security considerations to prevent unauthorized system access or malicious code execution.

Critical Security Issues

1. Privileged Execution

Risk: bpftrace requires root privileges to access kernel tracing facilities.

Current Implementation:

  • The server prompts for sudo password at startup
  • Password is cached in memory for the session duration only
  • Password is never written to disk or logs

Configuration Options:

  1. Default: Password Prompt (Current implementation):

    • Server prompts for password when started
    • Password cached securely in memory
    • Suitable for interactive use

  2. Alternative: Passwordless sudo (Recommended for production):

    # Add to /etc/sudoers using visudo
your_username ALL=(ALL) NOPASSWD: /usr/bin/bpftrace

  3. Container Deployment:

    • Use Docker with appropriate capabilities
    • Isolate the server from the host system
    • Pass credentials via environment variables

Security Considerations:

  • Password is transmitted to sudo via stdin using -S flag
  • Memory containing password is not swapped to disk
  • Password cleared when server stops

2. Code Injection Risks

Risk: Arbitrary bpftrace code execution could compromise system security.

Current State: No input validation or sanitization.

Mitigations:

  • Only use MCPtrace with trusted AI clients
  • Review all generated bpftrace programs before execution
  • Consider implementing an allowlist of safe trace patterns
  • Monitor server logs for suspicious activity

3. Resource Exhaustion

Risk: Malicious or poorly written traces could consume excessive system resources.

Current Limits:

  • 60-second execution timeout
  • 10,000 line output buffer
  • No CPU or memory limits

Recommendations:

  • Implement CPU and memory quotas
  • Add rate limiting per client
  • Monitor system resource usage
  • Set up alerts for abnormal behavior

Security Best Practices

1. Principle of Least Privilege

  • Run the MCP server as a dedicated user
  • Grant only necessary permissions
  • Use AppArmor or SELinux profiles if available
  • Restrict file system access

2. Network Security

  • Never expose the server directly to the internet
  • Use secure transport (TLS) for remote connections
  • Implement proper authentication mechanisms
  • Consider using a reverse proxy with authentication

3. Audit and Monitoring

  • Enable comprehensive logging
  • Monitor all executed bpftrace programs
  • Set up alerts for suspicious patterns
  • Regularly review access logs

4. Input Validation

Until proper validation is implemented:

  • Manually review generated traces
  • Use only with trusted AI models
  • Implement external validation scripts
  • Consider a human-in-the-loop approval process

Secure Configuration Example

# 1. Create dedicated user
sudo useradd -r -s /bin/false mcptrace

# 2. Configure passwordless sudo for bpftrace only
echo "mcptrace ALL=(ALL) NOPASSWD: /usr/bin/bpftrace" | sudo tee /etc/sudoers.d/mcptrace

# 3. Set restrictive permissions
sudo chmod 0440 /etc/sudoers.d/mcptrace

# 4. Run server as dedicated user
sudo -u mcptrace python /path/to/server.py

Threat Model

Potential Threats

  1. Malicious Trace Execution: Attacker executes harmful bpftrace programs
  2. Information Disclosure: Sensitive kernel data exposed through traces
  3. Denial of Service: Resource exhaustion through intensive traces
  4. Privilege Escalation: Exploiting bpftrace vulnerabilities
  5. Data Exfiltration: Using traces to extract sensitive information

Mitigations

  1. Access Control: Strict authentication and authorization
  2. Input Validation: Sanitize and validate all trace programs
  3. Resource Limits: Enforce CPU, memory, and time constraints
  4. Audit Logging: Log all operations with full context
  5. Network Isolation: Restrict network access from trace context

Incident Response

If you suspect a security incident:

  1. Immediate Actions:

    • Stop the MCP server
    • Review recent trace executions
    • Check system logs for anomalies
    • Isolate affected systems

  2. Investigation:

    • Analyze executed bpftrace programs
    • Review system call logs
    • Check for unauthorized file access
    • Monitor network traffic

  3. Recovery:

    • Revoke compromised credentials
    • Update security configurations
    • Patch identified vulnerabilities
    • Implement additional controls

Security Checklist

Before deploying MCPtrace:

  • Configured passwordless sudo for bpftrace
  • Created dedicated user account
  • Restricted sudo access to bpftrace binary only
  • Implemented logging and monitoring
  • Reviewed and understood threat model
  • Tested incident response procedures
  • Documented security configuration
  • Trained users on security best practices

Reporting Security Issues

If you discover a security vulnerability:

  1. Do NOT create a public GitHub issue
  2. Contact the maintainers privately
  3. Provide detailed reproduction steps
  4. Allow time for a fix before disclosure

Future Security Enhancements

Planned improvements:

  • Bpftrace program validation and sanitization
  • Sandboxed execution environment
  • Formal security audit
  • Integration with security frameworks
  • Automated threat detection

Remember: Security is a shared responsibility. Always follow the principle of least privilege and defense in depth when deploying MCPtrace.

There aren’t any published security advisories