This repository contains upstream sources of the 'rhc' tool, available in Red Hat Enterprise Linux, and select Fedora-based distributions.
A single release branch on GitHub may be targeting one or more RHEL versions. To learn more about Red Hat Enterprise Linux Life Cycle, visit the Customer Portal.
Visit Product Security Center and contact our security team if you believe you have discovered security-related problems.
If you are a Red Hat customer, you may also contact our support.
Binaries rhc consists of:
rhcshell binary. Code execution requires root privileges, the user is fully trusted.rhc-serverdaemon and itscom.redhat.rhcUnix socket. It is owned by root with permissions0600. Connections require root privileges, the caller is fully trusted.rhc-collectorshell binary. Is not meant to be used by users under normal operation. It is invoked by root-owned systemd units of individual data collectors, supplyingCOLLECTOR-IDas a positional argument to itsruncommand.com.redhat.minimaldata collector. Code execution requires root privileges, takes no input.
APIs rhc connects to:
com.redhat.RHSM1D-Bus API on a system bus. Its policy requires the caller to berootby default, except for read-only methods and objects.org.freedesktop.systemd1D-Bus API on a system bus.cert.console.redhat.comHTTP API. System CA certificates are used for mTLS transport.
Additionally, there are planned trust boundaries that are not yet implemented:
rhc.confconfiguration file and files in its drop-in directory. They are owned by root with permissions0640(files) and0750(the directory).subscription.rhsm.redhat.comHTTP API. Red Hat's CA certificates provided by subscription-manager-rhsm-certificates package are used for mTLS transport.- Satellite HTTP APIs. When reconfigured, rhc may communicate with remote HTTP APIs served by Red Hat Satellite Server or Red Hat Satellite Capsule Server. Satellite (Katello) CA certificates are used for mTLS transport.
- Local unprivileged user or process: anything that might be running on a RHEL host.
- Network adversary between the host and remote HTTP APIs.
- Compromised data collector that would get executed with root permissions by
rhc-collector.
Out of scope:
- Attacker who already holds root permissions and can modify arbitrary files.