On 2021-04-08 15:43:33 +1000 (+1000), Ian Wienand wrote:
On Thu, Apr 01, 2021 at 02:35:32PM -0700, Clark Boylan wrote:
I ended up double checking the mirror node and in mirror.ca-ymq-1.vexxhost.opendev.org:/etc/netplan/50-cloud-init.yaml you can see what we did there. Essentially we set dhcpv6 and accept-ra to false then set an address and routes. We should be able to do the same thing with the new review host if we can't figure anything else out.
So we have a workaround in production but also [3] being marked as an open security bug.
Are we happy enough that ignoring RAs is sufficient to overcome the issues discussed in [3] for this service? The concern mostly seemed to be a targeted MITM attack; something which ssh host keys and SSL certificates should cover?
Yes, I think ignoring RAs is probably sufficient. Nobody seems to have yet figured out how the leak happens or what else could be leaked, but as you note the fact that a MitM couldn't usefully spoof a viable HTTPS or SSH connection endpoint is sufficient insurance against anything worse, so we can just focus on mitigating the stability problem arising from stray leaks for now.

-- Jeremy Stanley
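
The workaround described in this thread, sketched as a netplan file. This is an added example, not the contents of the mirror's actual file: the interface name, addresses and gateway are placeholders from the IPv6 documentation prefix, and `dhcp6` is netplan's key for what the message calls dhcpv6.

```yaml
# Illustrative netplan configuration; every value below is a placeholder.
network:
  version: 2
  ethernets:
    ens3:                           # assumed interface name
      dhcp4: true                   # IPv4 left as provisioned (assumption)
      dhcp6: false                  # do not request DHCPv6 leases
      accept-ra: false              # ignore router advertisements, including stray ones
      addresses:
        - "2001:db8:0:1::10/64"     # static address (documentation prefix)
      routes:
        - to: "::/0"                # static default route instead of an RA-learned one
          via: "2001:db8:0:1::1"    # placeholder gateway
```

cloud-init can regenerate `50-cloud-init.yaml` on boot, so a hand edit only persists if cloud-init's network configuration is disabled or the settings live in a separate netplan file.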