Moon (moon@shitposter.club)'s status on Sunday, 06-Aug-2023 00:30:10 JST Moon If you are using an S3/Minio bucket for your Pleroma/Akkoma/Rebased server, because of the two recent security issues, unless you are certain you haven't been exploited you NEED to change the secret key for your S3 user and update your config. It would have been revealed by the exploit and it would enable the attacker to put anything in your bucket and possibly remove things, depending on your policy.
cc: @lanodan
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Sunday, 06-Aug-2023 00:41:13 JST Disinformation Purveyor :verified_think: @Moon @lanodan Is this a Minio exploit or a Pleroma exploit you are referring to?
Moon (moon@shitposter.club)'s status on Sunday, 06-Aug-2023 00:41:19 JST Moon @feld @eriner @lanodan Perfect, I need this.
feld (feld@bikeshed.party)'s status on Sunday, 06-Aug-2023 00:41:20 JST feld Oooh, in that case make the secrets read from the ENV. I can show you how to do this with a runtime.exs. They'll get nothing of value, then.
feld (feld@bikeshed.party)'s status on Sunday, 06-Aug-2023 00:41:21 JST feld Read-only just prevents attackers from establishing a persistent threat;
they'd still be able to read these files.
Moon (moon@shitposter.club)'s status on Sunday, 06-Aug-2023 00:41:21 JST Moon @feld @eriner @lanodan I would add something that removes the secrets file after launch somehow.
Moon (moon@shitposter.club)'s status on Sunday, 06-Aug-2023 00:41:22 JST Moon @eriner @lanodan Yes, lanodan made a post recently with the other keys that need to be rotated.
Moon (moon@shitposter.club)'s status on Sunday, 06-Aug-2023 00:41:22 JST Moon @eriner @lanodan When I have time I am going to explore what's needed for a read-only filesystem that removes sensitive files after launch, or something along those lines.
Matt Hamilton [Maryland] (eriner@noagendasocial.com)'s status on Sunday, 06-Aug-2023 00:41:23 JST Matt Hamilton [Maryland] Does pleroma have other keys/secrets in the config? If so, they ALL need to be rotated.
Any files with secrets that are accessible to the process that runs pleroma should be assumed to have been compromised.
In light of the two arbitrary file read vulns, if I were running Pleroma I'd rotate all the keys, or better yet wipe the server and restore data.
I run NAS' mastodon docker containers with an ephemeral read-only FS for this reason: https://github.com/mastodon/mastodon/pull/21165
Moon (moon@shitposter.club)'s status on Sunday, 06-Aug-2023 02:01:53 JST Moon @thatguyoverthere @lanodan Pleroma exploit that would have enabled an attacker to read the Pleroma server's config file. User information is safe.
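An added illustration of the "read the secrets from the ENV" approach feld mentions, not code from the thread or from the Pleroma project: a runtime config file that pulls the S3 credentials from environment variables at boot so that the on-disk config file no longer contains them. It assumes the file is evaluated at startup (a Mix `config/runtime.exs`, or the config file a Pleroma release loads), that uploads go through `Pleroma.Uploaders.S3` backed by ex_aws, and that the `PLEROMA_S3_*` variable names are ones you choose yourself.

```elixir
# config/runtime.exs (added example; assumes an ex_aws-backed S3 uploader)
import Config

# System.fetch_env!/1 raises at boot if a variable is missing, so a
# deployment that forgot to provide the rotated key fails loudly instead
# of silently falling back to an old value left in a config file.
config :ex_aws, :s3,
  access_key_id: System.fetch_env!("PLEROMA_S3_ACCESS_KEY_ID"),
  secret_access_key: System.fetch_env!("PLEROMA_S3_SECRET_ACCESS_KEY"),
  # Non-secret settings may keep defaults; the host below is a placeholder.
  region: System.get_env("PLEROMA_S3_REGION", "us-east-1"),
  host: System.get_env("PLEROMA_S3_HOST", "minio.internal.example")

config :pleroma, Pleroma.Uploaders.S3,
  bucket: System.fetch_env!("PLEROMA_S3_BUCKET")
```

This removes the key from any file an arbitrary-file-read bug can reach, but the value is still visible to the running process itself (it lives in that process's environment), so treat it as reducing exposure rather than eliminating it; rotating the S3 key remains the first step after a suspected compromise.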