Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't allow insecure connections and add timeout #45

Merged
merged 2 commits into from
May 17, 2022
Merged

Don't allow insecure connections and add timeout #45

merged 2 commits into from
May 17, 2022

Conversation

ukkopahis
Copy link
Contributor

@ukkopahis ukkopahis commented Apr 16, 2022
edited
Loading

linuxserver.io

  • I have read the contributing guideline and understand that I have made the correct modifications

Description:

Insecure connections (-k) would allow man-in-the middle attacks to read
your update token.

In theory a connection may hang for hours without a timeout, thus preventing
update attempts. Source: curl man page under --max-time.

Benefits of this PR and context:

Security and reliability

How Has This Been Tested?

Built and ran the container. Output:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 02-tamper-check: executing... 
[cont-init.d] 02-tamper-check: exited 0.
[cont-init.d] 10-adduser: executing... 
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
DuckDNS: https://www.patreon.com/user?u=3209735

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    911
User gid:    911
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 40-config: executing... 
Retrieving subdomain and token from the environment variables
log will be output to docker log
Your IP was updated at Sat Apr 16 08:38:09 UTC 2022
[cont-init.d] 40-config: exited 0.
[cont-init.d] 90-custom-folders: executing... 
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Your IP was updated at Sat Apr 16 08:42:00 UTC 2022
Your IP was updated at Sat Apr 16 08:47:01 UTC 2022
Your IP was updated at Sat Apr 16 08:52:01 UTC 2022
Your IP was updated at Sat Apr 16 08:57:01 UTC 2022
Your IP was updated at Sat Apr 16 09:02:01 UTC 2022
Your IP was updated at Sat Apr 16 09:07:01 UTC 2022
Your IP was updated at Sat Apr 16 09:12:01 UTC 2022
Your IP was updated at Sat Apr 16 09:17:01 UTC 2022
Your IP was updated at Sat Apr 16 09:22:01 UTC 2022
Your IP was updated at Sat Apr 16 09:27:01 UTC 2022
Your IP was updated at Sat Apr 16 09:32:01 UTC 2022
Your IP was updated at Sat Apr 16 09:37:01 UTC 2022
Your IP was updated at Sat Apr 16 09:42:01 UTC 2022
Your IP was updated at Sat Apr 16 09:47:01 UTC 2022
Your IP was updated at Sat Apr 16 09:52:01 UTC 2022
Your IP was updated at Sat Apr 16 09:57:01 UTC 2022
Your IP was updated at Sat Apr 16 10:02:01 UTC 2022
Your IP was updated at Sat Apr 16 10:07:01 UTC 2022
Your IP was updated at Sat Apr 16 10:12:01 UTC 2022

@project-bot project-bot bot added this to PRs & in progress issues in Issue & PR Tracker Apr 16, 2022
@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/duckdns/73eeb4c2-pkg-73eeb4c2-pr-45/index.html
https://ci-tests.linuxserver.io/lspipepr/duckdns/73eeb4c2-pkg-73eeb4c2-pr-45/shellcheck-result.xml

@ukkopahis
Copy link
Contributor Author

Note: for some reason project-bot didn't add #44 to the Issue & PR tracker, like it added this request. Hopefully it won't fall between the cracks.

@ukkopahis ukkopahis force-pushed the secure-connection branch 2 times, most recently from dbc0405 to 7a6ff0a Compare May 4, 2022 10:57
@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/duckdns/68a3222a-pkg-68a3222a-pr-45/index.html
https://ci-tests.linuxserver.io/lspipepr/duckdns/68a3222a-pkg-68a3222a-pr-45/shellcheck-result.xml

1 similar comment
@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/duckdns/68a3222a-pkg-68a3222a-pr-45/index.html
https://ci-tests.linuxserver.io/lspipepr/duckdns/68a3222a-pkg-68a3222a-pr-45/shellcheck-result.xml

@ukkopahis
Don't allow insecure connections and add timeout
e601417 
Insecure connections (-k) would allow man-in-the middle attacks to read
your update token.

In theory a connection may hang for hours without this, thus preventing
update attempts. Source: curl man page under --max-time.
@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/duckdns/68a3222a-pkg-68a3222a-pr-45/index.html
https://ci-tests.linuxserver.io/lspipepr/duckdns/68a3222a-pkg-68a3222a-pr-45/shellcheck-result.xml

Issue & PR Tracker automation moved this from PRs & in progress issues to Team approved, ready for merge May 17, 2022
@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/duckdns/33e8df19-pkg-33e8df19-pr-45/index.html
https://ci-tests.linuxserver.io/lspipepr/duckdns/33e8df19-pkg-33e8df19-pr-45/shellcheck-result.xml

@aptalca aptalca merged commit fd27bcd into linuxserver:master May 17, 2022
Issue & PR Tracker automation moved this from Team approved, ready for merge to Done May 17, 2022
@ukkopahis ukkopahis deleted the secure-connection branch May 21, 2022 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aptalca aptalca aptalca approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Issue & PR Tracker
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ukkopahis @LinuxServer-CI @aptalca