72 lines
2.2 KiB
Plaintext
72 lines
2.2 KiB
Plaintext
---
|
|
summary: Un-authable membership events can corrupt HS room state
|
|
---
|
|
assignee: markjh
|
|
created: 2016-07-22 14:48:04.0
|
|
creator: dbkr
|
|
description: |-
|
|
See https://vector.im/develop/#/room/!DgvjtOljKujDBrxyHk:matrix.org/$1469181498665GNapO:kolm.io for scrollback of me trying to figure out why Yaniel can't speak in Matrix HQ.
|
|
|
|
Matrix.org seemed to get a consistent membership event for him but his HS is having none of it and will not let him join nor leave. I see a lot of the classic, "Event content has been tampered, redacting" log lines on both servers (and not for the un-authable event).
|
|
id: '12765'
|
|
key: SYN-735
|
|
number: '735'
|
|
priority: '1'
|
|
project: '10000'
|
|
reporter: dbkr
|
|
status: '3'
|
|
type: '1'
|
|
updated: 2016-11-07 18:29:47.0
|
|
votes: '0'
|
|
watches: '2'
|
|
workflowId: '12865'
|
|
---
|
|
actions:
|
|
- author: richvdh
|
|
body: |-
|
|
From Dylanger:
|
|
|
|
> Basically I took richvdh's identity
|
|
> And his domain
|
|
> Under my HS
|
|
> Had his privs
|
|
> Then gave myself permissions
|
|
|
|
> I just changed my HS'es domain name
|
|
> In YAML
|
|
|
|
So Dylanger has convinced his own HS that he has admin, and used that to generate a kick event, which has then been sent to Yaniel's, which has then accepted the kick despite the broken auth chain.
|
|
created: 2016-07-25 12:05:15.0
|
|
id: '13079'
|
|
issue: '12765'
|
|
type: comment
|
|
updateauthor: richvdh
|
|
updated: 2016-07-25 12:05:15.0
|
|
- author: dbkr
|
|
body: I think the spoofed event ID here is $14691813430ugbai:onedefence.com
|
|
created: 2016-07-25 14:34:15.0
|
|
id: '13080'
|
|
issue: '12765'
|
|
type: comment
|
|
updateauthor: dbkr
|
|
updated: 2016-07-25 14:34:15.0
|
|
- author: richvdh
|
|
body: |-
|
|
From [~erikj]:
|
|
> I don't think it was the spoof that actually caused the issues, but that auth rejected events were accidentally being inserted inserted into the state
|
|
> (as opposed to events that were rejected way earlier due to bad sigs)
|
|
created: 2016-07-26 10:29:21.0
|
|
id: '13083'
|
|
issue: '12765'
|
|
type: comment
|
|
updateauthor: richvdh
|
|
updated: 2016-07-26 10:29:21.0
|
|
- author: richvdh
|
|
body: 'Migrated to github: https://github.com/matrix-org/synapse/issues/1571'
|
|
created: 2016-11-07 18:29:47.0
|
|
id: '13894'
|
|
issue: '12765'
|
|
type: comment
|
|
updateauthor: richvdh
|
|
updated: 2016-11-07 18:29:47.0
|