Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Untrusted device should be disallowed from being an introducer #8920

Closed
calmh opened this issue Jun 3, 2023 · 0 comments
Closed

Untrusted device should be disallowed from being an introducer #8920

calmh opened this issue Jun 3, 2023 · 0 comments
Labels
bug A problem with current functionality, as opposed to missing functionality (enhancement)
Milestone
v1.23.6

Comments

@calmh
Copy link
Member

calmh commented Jun 3, 2023
edited

A vulnerability report was submitted to the effect that the untrusted flag doesn't properly prevent combining with introducer, thus allowing the supposedly untrusted device to introduce trusted devices into the cluster and causing a data leak. Since this is a misconfiguration that needs to happen on the trusted side, I decided it's low impact enough to be published as a public issue while we're fixing it.

This may also apply to other settings, such as auto-accepting folders which makes no sense from an untrusted device.

Originally reported by @vibs29
@calmh calmh added bug A problem with current functionality, as opposed to missing functionality (enhancement) needs-triage New issues needed to be validated labels Jun 3, 2023
calmh added a commit to calmh/syncthing that referenced this issue Jun 3, 2023
@calmh
lib/config, gui: Disallow some options in combination with "untrusted" (
074a464 
fixes syncthing#8920)

This prevents combining untrusted with introducer and auto-accept, and
also verifies that folders shared with untrusted devices have passwords
at config loading time.
@calmh calmh removed the needs-triage New issues needed to be validated label Jun 6, 2023
imsodin pushed a commit to imsodin/syncthing that referenced this issue Jun 11, 2023
@calmh @imsodin
lib/config, gui: Disallow some options in combination with "untrusted" (
0918577 
fixes syncthing#8920)

This prevents combining untrusted with introducer and auto-accept, and
also verifies that folders shared with untrusted devices have passwords
at config loading time.
@calmh calmh closed this as completed in 6b475bd Jun 14, 2023
@calmh calmh added this to the v1.23.6 milestone Jun 14, 2023
calmh added a commit to calmh/syncthing that referenced this issue Jun 14, 2023
@calmh
Merge branch 'main' into multicon
0a399d4 
* main:
  build: Update some dependencies
  build: Make sure we get the latest matching Go version
  build: Multi arch Docker images with GitHub actions (ref syncthing#8834)
  lib/config, gui: Disallow some options in combination with "untrusted" (fixes syncthing#8920) (syncthing#8921)
  gui, man, authors: Update docs, translations, and contributors
  Don't add empty device to config on init (syncthing#8933)
  build: Push release files to cloud storage
  build: Generate .asc files for release packages (fixes syncthing#8897)
  build: Properly build all Debian archs (fixes syncthing#8898)
  gui: Avoid code generating HTML (syncthing#8923)
  gui: Remove HTML support in tooltips
  gui: Avoid code generating HTML (syncthing#8923)
  build: Tests should run with Go 1.20 on Windows (syncthing#8924)
  gui, man, authors: Update docs, translations, and contributors
  lib/model: Improve test for unignored parent directories (syncthing#8926)
  build: Update dependencies (syncthing#8925)
  gui: Remove HTML support in tooltips
  cmd/syncthing: Use correct binary when restarting monitor (syncthing#8919)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug A problem with current functionality, as opposed to missing functionality (enhancement)
Projects
None yet
Milestone
v1.23.6
Development

No branches or pull requests
1 participant
@calmh