From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
 id A89233947C00; Wed, 26 May 2021 17:48:42 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A89233947C00
From: "fche at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: elfutils-devel@sourceware.org
Subject: [Bug debuginfod/27917] New: protect against federation loops
Date: Wed, 26 May 2021 17:48:42 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: elfutils
X-Bugzilla-Component: debuginfod
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: fche at redhat dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter cc target_milestone
Message-ID: <bug-27917-10460@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: elfutils-devel@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Elfutils-devel mailing list <elfutils-devel.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/elfutils-devel/>
List-Help: <mailto:elfutils-devel-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 17:48:42 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=3D27917

            Bug ID: 27917
           Summary: protect against federation loops
           Product: elfutils
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: debuginfod
          Assignee: unassigned at sourceware dot org
          Reporter: fche at redhat dot com
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

If someone misconfigures a debuginfod federation to have loops, and a
nonexistent buildid lookup is attempted, bad things will happen, as is
documented.  Let's reduce the risk by adding an option to debuginfod that
functions kind of like an IP packet's TTL: a limit on the length of XFF: he=
ader
that debuginfod is willing to process.

The simplest thing could be a comma (=3D hop) limit: "if X-Forwarded-For: e=
xceeds
N hops, do not delegate a local lookup miss to upstream debuginfods".  The
default could be reasonably high, say 8.  Then recursion is guaranteed to
terminate.

Note that it wouldn't be right to simply reject requests with one's own IP
address (which a server doesn't really easily know anyway), because there c=
ould
be multiple servers running on any given host; or network-local RFC1918
addresses could legitimately recur.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=