Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove unnecessary services available via home #4347

Open
jessysaurusrex opened this issue Jan 21, 2022 · 4 comments
Open

Remove unnecessary services available via home #4347

jessysaurusrex opened this issue Jan 21, 2022 · 4 comments
Assignees
@arirubinstein
Labels
audit-zestival Vulnerability assessment of ERTP + Zoe cosmic-swingset package: cosmic-swingset security vaults_triage DO NOT USE

Comments

@jessysaurusrex
Copy link
Contributor

jessysaurusrex commented Jan 21, 2022
edited by Tartuffo
Loading

At present, there is an incomplete understanding of which services are exposed in home. (e.g. local), and what capabilities they may provide to different audiences.

Before launch MN-1, a manual review of the list of services provided in home. to ensure that we have removed unexpected behaviors and potential risks for end users. For every service we expose, we should document audience and intended use.

Services that Zoe relies on were attacked directly via home.
@jessysaurusrex jessysaurusrex added Zoe package: Zoe security audit-zestival Vulnerability assessment of ERTP + Zoe MN-1 labels Jan 21, 2022
@jessysaurusrex jessysaurusrex self-assigned this Jan 21, 2022
@Tartuffo Tartuffo added cosmic-swingset package: cosmic-swingset and removed MN-1 Zoe package: Zoe labels Feb 7, 2022
@Tartuffo Tartuffo changed the title Harden Zoe by auditing services available in home Harden services available via home Feb 9, 2022
@dckc
Copy link
Member

dckc commented Feb 12, 2022

At present, there is an incomplete understanding of which services are exposed in home.

We have an enumeration of home contents (home.wallet, ...) under Agoric REPL docs. But I wouldn't call it complete. In particular, note:

I just ran into a key piece of documentation: solo/test/test-home.js with several tests along these lines:

agoric-sdk/packages/solo/test/test-home.js

Line 36 in d864c78

test.serial('home.board', async t => {

agoric-sdk/packages/solo/test/test-home.js

Line 168 in d864c78

test.serial('home.localTimerService makeRepeater', async t => {

Services that Zoe relies on were attacked directly via home.

In particluar, I suppose that refers to #4296, #4297.

This was referenced Feb 13, 2022
Closed
Merged
@Tartuffo Tartuffo added this to the Mainnet 1 milestone Mar 23, 2022
@dckc dckc changed the title Harden services available via home Remove unnecessary services available via home Mar 23, 2022
@dckc dckc assigned arirubinstein and unassigned jessysaurusrex Mar 23, 2022
@dckc
Copy link
Member

dckc commented Apr 3, 2022

E(home.board).ids() breaks the paying by message size rule: it returns an arbitrarily large list of strings given an O(1) input.

@Tartuffo Tartuffo removed this from the Mainnet 1 RC0 milestone Sep 21, 2022
@ivanlei ivanlei added the vaults_triage DO NOT USE label Jan 17, 2023
@ivanlei ivanlei added this to the Vaults RC0 milestone Feb 1, 2023
@arirubinstein arirubinstein removed this from the Vaults EVP milestone Mar 29, 2023
@arirubinstein
Copy link
Contributor

To be done before solo provisioning / addressing of home by clients

@dckc
Copy link
Member

dckc commented Mar 29, 2023

for ref: also known as "mailbox" access (#5965)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arirubinstein arirubinstein

Labels
audit-zestival Vulnerability assessment of ERTP + Zoe cosmic-swingset package: cosmic-swingset security vaults_triage DO NOT USE
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@arirubinstein @dckc @Tartuffo @ivanlei @jessysaurusrex