Forbid to have len(alias) == len(id) to avoid service hijacking #607

krhubert · 2018-11-30T10:19:40Z

No description provided.

NicolasMahe · 2018-11-30T10:20:41Z

@krhubert can you provide more details and explanation please

krhubert · 2018-11-30T10:25:09Z

Suppose there is a service with ID = a and someone created another service with ALIAS = a. Then as long as service with ID = aexists it will receive the traffic, but when it will be shut down then ALIAS = a will receive all traffic, which probably wasn't intentional.

By forbidding len(alias) == len(id) we avoid this security leak and probably many others that might cause trouble due to having id same as alias.

krhubert · 2018-11-30T10:39:09Z

Also, 63 char is the maximum length of "labels"; see https://tools.ietf.org/html/rfc1035#section-2.3.4.

NicolasMahe · 2018-12-02T07:33:22Z

@krhubert This is done by #583, right?

krhubert · 2018-12-02T09:46:35Z

Yes

krhubert self-assigned this Nov 30, 2018

NicolasMahe mentioned this issue Dec 1, 2018

Alias system #583

Merged

NicolasMahe added this to the v0.5.0 milestone Dec 2, 2018

krhubert closed this as completed in #583 Dec 3, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Forbid to have len(alias) == len(id) to avoid service hijacking #607

Forbid to have len(alias) == len(id) to avoid service hijacking #607

krhubert commented Nov 30, 2018

NicolasMahe commented Nov 30, 2018

krhubert commented Nov 30, 2018

krhubert commented Nov 30, 2018

NicolasMahe commented Dec 2, 2018

krhubert commented Dec 2, 2018

Forbid to have len(alias) == len(id) to avoid service hijacking #607

Forbid to have len(alias) == len(id) to avoid service hijacking #607

Comments

krhubert commented Nov 30, 2018

NicolasMahe commented Nov 30, 2018

krhubert commented Nov 30, 2018

krhubert commented Nov 30, 2018

NicolasMahe commented Dec 2, 2018

krhubert commented Dec 2, 2018