https://sourceware.org/bugzilla/show_bug.cgi?id=27917
Bug ID: 27917
Summary: protect against federation loops
Product: elfutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: debuginfod
Assignee: unassigned at sourceware dot org
Reporter: fche at redhat dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---

If someone misconfigures a debuginfod federation to have loops, and a nonexistent buildid lookup is attempted, bad things will happen, as is documented.

Let's reduce the risk by adding an option to debuginfod that functions kind of like an IP packet's TTL: a limit on the length of XFF: header that debuginfod is willing to process. The simplest thing could be a comma (= hop) limit: "if X-Forwarded-For: exceeds N hops, do not delegate a local lookup miss to upstream debuginfods". The default could be reasonably high, say 8. Then recursion is guaranteed to terminate.

Note that it wouldn't be right to simply reject requests with one's own IP address (which a server doesn't really easily know anyway), because there could be multiple servers running on any given host; or network-local RFC1918 addresses could legitimately recur.
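
The following simulation is an added example, not part of the bug report and not elfutils code. It models the proposed hop limit on a looped federation and on a legitimate chain where two servers share one address. The server names, the addresses, and the model in which each server appends its peer's address to X-Forwarded-For before delegating are assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <map>
#include <string>

// Hop count of an X-Forwarded-For value: number of listed addresses (commas + 1).
static std::size_t xff_hops(const std::string& xff) {
    if (xff.find_first_not_of(" \t") == std::string::npos) return 0;
    return 1 + static_cast<std::size_t>(std::count(xff.begin(), xff.end(), ','));
}

struct Server { std::string addr, upstream; };  // upstream == "" means none
struct Result { std::size_t requests; bool terminated; };
// Simulate a lookup of a build-id that no server has. Assumed model: each
// server misses locally, appends its peer's address to XFF and delegates
// upstream unless XFF already exceeds max_hops (0 = no limit at all).
// safety_cap only exists so the unlimited case stops in this demo.
static Result lookup_missing(const std::map<std::string, Server>& fed,
                             std::string server, std::string peer,
                             std::size_t max_hops, std::size_t safety_cap = 1000) {
    std::string xff;
    for (std::size_t requests = 1; requests < safety_cap; ++requests) {
        const Server& s = fed.at(server);
        if (s.upstream.empty()) return {requests, true};        // end of chain
        if (max_hops != 0 && xff_hops(xff) > max_hops)
            return {requests, true};                            // hop limit hit
        xff += (xff.empty() ? "" : ", ") + peer;
        peer = s.addr;
        server = s.upstream;
    }
    return {safety_cap, false};                                 // still looping
}

// Constructed topologies: a three-server loop, and a legitimate two-server
// chain where both servers share one host address.
static const std::map<std::string, Server> LOOP = {
    {"a", {"192.0.2.1", "b"}}, {"b", {"192.0.2.2", "c"}}, {"c", {"192.0.2.3", "a"}}};
static const std::map<std::string, Server> SAME_HOST = {
    {"front", {"10.0.0.5", "back"}}, {"back", {"10.0.0.5", ""}}};

int main() {
    Result r = lookup_missing(LOOP, "a", "198.51.100.7", 8);
    std::cout << "limit 8: " << r.requests << " requests, terminated=" << r.terminated << "\n";
    r = lookup_missing(LOOP, "a", "198.51.100.7", 0);
    std::cout << "no limit: " << r.requests << " requests, terminated=" << r.terminated << "\n";
    r = lookup_missing(SAME_HOST, "front", "10.0.0.5", 8);
    std::cout << "same host: " << r.requests << " requests, terminated=" << r.terminated << "\n";
}
```

With a limit of 8 the looped lookup stops at the tenth request, while the same-host chain completes normally even though 10.0.0.5 recurs, which an "is my own address in XFF" check would have rejected.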