Proposal for ACLing servers from rooms #1383
Comments
Responding to the comment over at #1308 (comment) from @maxidor:
Who? To be clear: anyone in the community is very very welcome to voice their concerns, and it will make it a lot easier for this feedback to be taken seriously if it's not anonymous, or all being filtered through you (especially given the conflict of interest given your own fork, etc).
This was a race of a few hours; I'm not sure why it matters?
So last time I checked mxhsd "isn't a thing in Matrix any more", and construct is known to actively attack the federation. It boils down to a question of trust; if Ruma/Plasma/Transform etc had any federation code and their authors weren't forking or attacking the protocol we would have discussed this with them.
...or that we are trying to protect the community from attack whilst we solve the remaining S2S flaws.
...because it was reviewed under embargo by the core team.
As far as we're aware it can only be bypassed or state reset maliciously by a colluding or noncompliant server (which would then be also banned, in the event of having to use this). If you've found an actual flaw in the proposal please spell it out clearly before we ship the release rather than bragging about undisclosed vulns. Just because 3 people say "i don't understand how this helps much" or "i don't think this should have been handled as a security fix" doesn't make it true. If you'd like to reason it through please feel free.
I don't follow your point here. This is a security feature which is needed to protect the network whilst we finish off fixing state resets (which is progressing well, fwiw). It feels pretty obvious to me that we would develop and ship this under embargo in order to get it out asap to protect the network.
It's not too late; if you can spell out the bugs in this one (and better yet suggest an alternative) then please feel free.
Just responding to the three points you mentioned with permalinks:
Either that or I'm too stupid to understand the attack here, in which case please do explain it clearly.
@maunium: you're right that it's probably best described as a security feature rather than a security fix. It was honestly a borderline decision on whether to design & implement this under embargo, but given we want to be able to deploy it as rapidly as possible in the event of abuse, we wanted to make sure we had something ready to go rather than having multiple days where such a feature is on the horizon but not actually deployable. In terms of whether "it doesn't even help much", do the explanations above make sense? Or are we missing something, in which case please let us know before we ship this.
this has been in production for a couple of weeks, so I guess it's now pr-missing
Something that came up again is how are servers meant to tell other servers that they are no longer ACL'd? As far as I can tell, if you ACL a server it'll ignore the updated ACL event that unbans itself.
Implements the proposal for matrix-org#1383
The top-level `example` in `edu.yaml` was overriding the individual examples for `edu_type`. Let's fix that by getting rid of the example in `edu.yaml`. Fixes matrix-org/matrix-spec#805
Documentation: https://docs.google.com/document/d/1aiuROf1__7ZFkJvDdAZQfBNxyzjYd-ijiRAcHJYqJCM/edit#heading=h.t1ebd56v2ae6
Author: @richvdh, @ara4n
This proposal is treated as a vulnerability mitigation, and as such was written and reviewed by the core spec team and is now being made public in sync with a fix being made available in Synapse 0.32.0rc1 and the forthcoming urgent Synapse 0.32.0 upgrade.