#Sharkey #Support

hazelnoot@enby.life

@monkee@other.li @monkee@forum.other.li ah, gotcha. I'm glad you got it working!

monkee@other.li

@hazelnoot@enby.life @monkee@forum.other.li It confused me quite a bit as it was working from everywhere but not from the sharkey on the same server ​​

hazelnoot@enby.life

@monkee@other.li @monkee@forum.other.li huh, what a strange bug! What ended up being the cause?

monkee@other.li

@hazelnoot@enby.life @monkee@forum.other.li

I had to allow Private Networks in sharkey config.

allowedPrivateNetworks: [
  '127.0.0.1/32'
]

without it i also was not able to import follows list (Second Bug)

Feb 02 09:29:36 URL pnpm[7214]:     name: 'importFollowing',
Feb 02 09:29:36 URL pnpm[7214]:     failedReason: 'Blocked address: 127.0.0.1'

Now everything works peachy ​:monkeedance:​

hazelnoot@enby.life

@monkee@other.li @monkee@forum.other.li ohh yeah, that one again. FYI, changing that value can open you up to security issues if you have anything sensitive on the same network.

monkee@other.li

@hazelnoot@enby.life @monkee@forum.other.li Access is still limited to that machine only correct?

hazelnoot@enby.life

@monkee@other.li @monkee@forum.other.li yes, but it exposes the entire machine. An attacker can set a DNS record that resolves to your private IP range, and then reference that domain as a media attachment. Then they federate the post to your instance and the media server downloads that URL (which resolves to the internal IP) and attaches it to the post. Finally, they go to the copy of the post your instance and download the attachment, which contains whatever private data was there.

The impact is less severe when it's only the one IP, but you should still take the time to make sure nothing sensitive is accessible over localhost.

monkee@other.li

@hazelnoot@enby.life @monkee@forum.other.li It should not. But I'l make sure it is ​​

Thanks for taking the time to explain! Am always a bit insecure about server security ​​

hazelnoot@enby.life

@monkee@other.li @monkee@forum.other.li no worries! Please feel free to reach out if you have more questions. I (fortunately / unfortunately) have a lot of experience with Sharkey's security model and requirements

monkee@other.li

@hazelnoot@enby.life @monkee@forum.other.li Subprocesses in my brain are still working on yur attack scenario from above.
How? ​​ ​​
Need to refresh my networking knowledge, it has been a while...

hazelnoot@enby.life

@monkee@other.li @monkee@forum.other.li Sorry, I'm not great at explaining things. Let me lay it out like this, maybe it will make more sense:

- Alice (victim) has an instance alice.com. Located on the same machine is her personal file store, which has a web interface. The web interface is unauthenticated, so it listens on http://localhost:8080 and a reverse-proxy handles authentication.
- Mal (attacker) wants access to Alice's files. She already has an instance mal.com, so she adds a DNS A record for evil.mal.com which resolves to 127.0.0.1.
- Mal sends an ActivityPub Create(Note) activity to https://alice.com/inbox, making sure to include a media attachment with URL http://evil.mal.com:8080/api/list-files.
- Alice's instance processes the activity and finds the attachment URL. The media proxy component takes the media URL and resolves the domain, checking the returned 127.0.0.1 against the value of allowedPrivateAddresses. This check passes because 127.0.0.1/32 is included in the list, so media proxy makes a GET request to http://127.0.0.1:8080/api/list-files. This of course hits the API endpoint, returning some JSON with the file index. No authentication is required because this bypasses the reverse-proxy.
- The media server reads the Content-Type header and determines that application/json should be attached as a binary file, thus preserving it unmodified. The JSON is copied to Sharkey's local file store and given a UUID. The saved API response is then publicly accessible under the URL https://alice.com/files/{uuid}.
- Mal still doesn't know the file UUID, but that's easy to discover. She accesses https://alice.com/@mal@mal.com and scrolls to her latest post, which will include https://alice.com/files/{uuid} as the attachment URL. She downloads it and receives the file index.
- Now having a list of all files and exact URLs, she repeats the attack N times but with /api/list-files replaced with /media/{id}. Each activity she sends will then leak up to 16 media files, which allows her to quickly scrape Alice's entire file collection.

Note: this is described in terms of Sharkey instances, but works against any ActivityPub server where the private IP check is either missing or disabled by the admin.

hazelnoot@enby.life

@monkee@other.li @monkee@forum.other.li there's also a related attack that allows an attacker to make POST requests to a private IP range, but it's substantially harder to pull off and is unlikely to work except in contrived cases. I'm not even sure how to write an example for it.

natty@astolfo.social

@hazelnoot@enby.life @monkee@other.li @monkee@forum.other.li you mean a SSRF?

hazelnoot@enby.life

@natty@astolfo.social @monkee@other.li @monkee@forum.other.li yes, it's a type of SSRF

hazelnoot@enby.life

@natty@astolfo.social @monkee@other.li @monkee@forum.other.li sorry I forgot the word lol

hazelnoot@enby.life

@natty@astolfo.social @monkee@other.li @monkee@forum.other.li This is actually a well-known problem with ActivityPub, which is why all decent implementations have a filter for private IP ranges.

monkee@other.li

@hazelnoot@enby.life You are excellent at explaining! I think i get it!

natty@astolfo.social

@hazelnoot@enby.life @monkee@other.li @monkee@forum.other.li made us immediately check if it covers IPv6 ​​

natty@astolfo.social

@hazelnoot@enby.life @monkee@other.li @monkee@forum.other.li The fuck you mean the IP sanitization library is written by whitequark, how small is this world