port allocation - centralized method for handing out ports to ensure that callers cannot squat on well-known ports #9165
Comments
|
First, I'd suggest creating a PortAllocator object with {
allocateIBCPort() {
const { state } = this;
// Allocate an IBC port with a unique generated name.
return E(state.protocol).bind(`/ibc-port/`);
},
allocateICAControllerPort() {
const { state } = this;
state.lastICAPortNum += 1n;
return E(state.protocol).bind(`/ibc-port/icacontroller-${state.lastICAPortNum}`);
},
}Then, I'd suggest rewriting { consume: { portAllocator }} // get the allocator object from the promise space
//...
const makePorts = async () => {
// Bind to some fresh ports (either unspecified name or `icacontroller-*`)
// on the IBC implementation and provide them for the user to have.
const ibcportP = [];
for (let i = 0; i < NUM_IBC_PORTS_PER_CLIENT; i += 1) {
if (i === NUM_IBC_PORTS_PER_CLIENT - 1) {
const portP = when(E(portAllocator).allocateICAControllerPort());
ibcportP.push(portP);
} else {
const portP = when(E(portAllocator).allocateIBCPort());
ibcportP.push(portP);
}
}
return Promise.all(ibcportP);
};Exercise for the reader: make the PortAllocator available from |
|
marking "in progress" per message with ikenna |
What's the consequence of this behavior? If I know what port a vat is using, could I request it and be able to listen on the same port? |
michaelfig
changed the title
Port names have special meanings to some IBC protocols or clients. The Network Vat does not restrict the name of what you can allocate/bind. That allows "squatters" to allocate vanity or conventional port names which is too powerful a capability to have for most clients. An attenuated central port allocator can allow port names to be allocated without permitting squatters.
No, it's only allocated/bound once (until the original allocator revokes the port). If you request a port name that is currently bound, you just get rejected. |
In the case of ICS-27, interchain accounts, the same port identifier can be reused to recover an account:
|
<!-- < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < ☺ v ✰ Thanks for creating a PR! ✰ ☺ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --> <!-- Most PRs should close a specific Issue. All PRs should at least reference one or more Issues. Edit and/or delete the following lines as appropriate (note: you don't need both `refs` and `closes` for the same one): --> closes: #9165 ## Description <!-- Add a description of the changes that this PR introduces and the files that are the most critical to review. --> `bindPort` gives a caller too much power to specify exactly what port they want allocated. With this change, we create a central object, `PortAllocator` that handles handing out ports to the caller. As of today, we are allocating ports for: 1. `/ibc-port` 2. `/ibc-port/icacontroller` 3. `/ibc-port/pegasus` ### Security Considerations <!-- Does this change introduce new assumptions or dependencies that, if violated, could introduce security vulnerabilities? How does this PR change the boundaries between mutually-suspicious components? What new authorities are introduced by this change, perhaps by new API calls? --> This will prevent `squatting`, where callers can come and claim certain ports that they have no association with ### Documentation Considerations <!-- Give our docs folks some hints about what needs to be described to downstream users. Backwards compatibility: what happens to existing data or deployments when this code is shipped? Do we need to instruct users to do something to upgrade their saved data? If there is no upgrade path possible, how bad will that be for users? --> We've removed the `bindPort` method from the network vat. All the contracts inside of `agoric-sdk` have been changed to use `portAllocator` ### Testing Considerations <!-- Every PR should of course come with tests of its own functionality. What additional tests are still needed beyond those unit tests? How does this affect CI, other test automation, or the testnet? --> I've included some unit test testing the new allocate APIs --------- Co-authored-by: Michael FIG <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
port allocation - centralized method for handing out ports to ensure that the same ports aren’t reused. Right now Network Vat allows you to request any port.
The text was updated successfully, but these errors were encountered: