Security concern - IPFS ENS Resolving #5724
Comments
this might be helpful: https://github.com/ricmoo/meeseeks-app |
@ligi the most ideal way would be if we find a method to have the browser respect it as |
Could have a subdomain, first 16 hex of the hash: 0x12345612.gateway.ipfs. So the non-subdomained page redirects, and the second one checks the url against subdomain? Then all different pages would be domain siblings, and not have access to each others cookies... ? |
@holiman depending on how the cookies are registered the flaw may still exist. If a domain uses |
No, they can opt in to have the parent access them, they still can't access siblings |
I thought |
Some helpful pointers: IPFS content identifiers encoded as CIDv1 in Base32 are case-insensitive and can be used as authority component in FQDN. This creates Origin-based security perimeter per CID, isolating sensitive websites. Example: Some notes and sample gateways that support that approach can be found in ipfs/in-web-browsers#89 See https://github.com/ipfs/ipfs/issues/337#issuecomment-435356238 for commandline conversion steps from case-sensitive Base58 to cidv1b32. |
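Added example, not code from this issue or from any project mentioned in it (MetaMask, ENS, the IPFS gateways or the extension). It shows the mechanism the two comments above describe: on a path-based gateway every `/ipfs/<cid>/` site shares one web origin, while putting a case-insensitive base32 CIDv1 in the hostname gives each site its own origin. The CIDv0 to CIDv1 conversion follows the public CID layout (version byte, dag-pb codec, multihash, multibase prefix `b`); `gateway.example` and the second CID are constructed placeholders.

```javascript
// Added example; not code from the MetaMask issue or from any project it
// mentions. It shows why a path-based IPFS gateway gives every ENS/IPFS site
// the same web origin, and how a per-CID subdomain gateway separates them.
// The gateway hostname "gateway.example" is a placeholder.

const BASE58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const BASE32 = 'abcdefghijklmnopqrstuvwxyz234567'; // RFC 4648 alphabet, lower case

// Decode a base58btc string (the case-sensitive CIDv0 form) to bytes.
function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const idx = BASE58.indexOf(ch);
    if (idx < 0) throw new Error(`invalid base58 character: ${ch}`);
    n = n * 58n + BigInt(idx);
  }
  const bytes = [];
  while (n > 0n) {
    bytes.unshift(Number(n & 0xffn));
    n >>= 8n;
  }
  for (const ch of str) {            // each leading '1' is a leading zero byte
    if (ch !== '1') break;
    bytes.unshift(0);
  }
  return Uint8Array.from(bytes);
}

// Encode bytes as unpadded lower-case base32 (case-insensitive, DNS-safe).
function base32Encode(bytes) {
  let out = '';
  let buffer = 0;
  let bits = 0;
  for (const b of bytes) {
    buffer = (buffer << 8) | b;
    bits += 8;
    while (bits >= 5) {
      out += BASE32[(buffer >>> (bits - 5)) & 31];
      bits -= 5;
    }
    buffer &= (1 << bits) - 1;       // keep only the unconsumed low bits
  }
  if (bits > 0) out += BASE32[(buffer << (5 - bits)) & 31];
  return out;
}

// CIDv0 ("Qm...", base58btc sha2-256 multihash) -> CIDv1 in base32 ("bafy..."):
// bytes are <version 0x01><codec 0x70 dag-pb><multihash>, multibase prefix 'b'.
function cidv0ToV1Base32(cidv0) {
  const mh = base58Decode(cidv0);
  if (mh.length !== 34 || mh[0] !== 0x12 || mh[1] !== 0x20) {
    throw new Error('not a CIDv0 (expected a 32-byte sha2-256 multihash)');
  }
  return 'b' + base32Encode(Uint8Array.from([0x01, 0x70, ...mh]));
}

// Rewrite https://<gateway>/ipfs/<cid>/<path> to https://<cidv1b32>.ipfs.<gateway>/<path>.
function toSubdomainGatewayUrl(urlStr, gatewayHost) {
  const u = new URL(urlStr);
  const m = /^\/ipfs\/([^/]+)(\/.*)?$/.exec(u.pathname);
  if (!m) throw new Error('not a /ipfs/<cid> gateway path');
  let cid = m[1];
  if (cid.startsWith('Qm')) cid = cidv0ToV1Base32(cid);  // base58 is case-sensitive, DNS labels are not
  else if (!/^b[a-z2-7]+$/.test(cid)) throw new Error('expected CIDv0 or base32 CIDv1');
  return `${u.protocol}//${cid}.ipfs.${gatewayHost}${m[2] || '/'}${u.search}${u.hash}`;
}

// The browser's origin is scheme + host + port; it is the unit of isolation
// for localStorage, IndexedDB and DOM access between pages.
function webOrigin(urlStr) {
  return new URL(urlStr).origin;
}

// Two different dapps served by the same path-based gateway: one origin.
// Rewritten to per-CID subdomains: two origins.
function compareGateways(cidA, cidB) {
  const pathA = `https://gateway.example/ipfs/${cidA}/index.html`;
  const pathB = `https://gateway.example/ipfs/${cidB}/index.html`;
  const subA = toSubdomainGatewayUrl(pathA, 'gateway.example');
  const subB = toSubdomainGatewayUrl(pathB, 'gateway.example');
  return {
    pathGatewayShared: webOrigin(pathA) === webOrigin(pathB),         // true
    subdomainGatewayShared: webOrigin(subA) === webOrigin(subB),      // false
    originA: webOrigin(subA),
    originB: webOrigin(subB),
  };
}
```

The conversion output for a real CIDv0 can be cross-checked against the `ipfs cid base32` command-line steps linked in the comment above. The subdomain label for a sha2-256 CIDv1 is 59 characters, which fits the 63-character DNS label limit; a gateway that also serves IPNS names or other hash functions needs the same case and length checks before building the hostname.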
This is an important report before sites rely on ENS/IPFS for hosting dapps. Sounds like a simple first step would be for Infura's gateway to use subdomains for the ipfs hash. I will notify them now. |
@decanus No, foo.bar.com and baz.bar.com aren't shared, unless they both 'relax' into .bar.com via setting document.domain . I'm fairly certain, but I wouldn't take poison on it before I have tested a bit |
Actually, document.domain hasn't anything directly to do with cookies, but cookiejar policy is close but not identical to same-origin policy |
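Added example, not code from this issue or from any project mentioned in it. It models the three rules the two comments above are comparing, for two sites on sibling gateway subdomains: the same-origin policy, the cookie jar's host-only and `Domain` matching from RFC 6265, and legacy `document.domain` relaxation. The hostnames are constructed placeholders, and the `document.domain` model assumes equal scheme and port.

```javascript
// Added example; not code from the MetaMask issue or from any project it
// mentions. It models three different "who can see what" rules a browser
// applies between per-CID gateway subdomains: the same-origin policy, the
// cookie jar's domain matching (RFC 6265), and legacy document.domain
// relaxation. Hostnames are constructed placeholders.

// RFC 6265 section 5.1.3: request host `host` domain-matches `domain` when they are
// equal, or `domain` is a suffix of `host` preceded by a dot (and host is not an IP).
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return host.endsWith('.' + domain) && !/^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

// Store a cookie the way a cookie jar does (RFC 6265 section 5.3).
// Without a Domain attribute the cookie is host-only; with one, the setting host
// must domain-match the attribute, and the cookie then applies to all subdomains.
function storeCookie(settingHost, name, domainAttr) {
  if (!domainAttr) return { name, domain: settingHost.toLowerCase(), hostOnly: true };
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  if (!domainMatches(settingHost, domain)) return null;     // rejected by the jar
  return { name, domain, hostOnly: false };
}

// RFC 6265 section 5.4: is `cookie` attached to a request for `host`?
function cookieSentTo(cookie, host) {
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatches(host, cookie.domain);
}

// Same-origin policy: scheme, host and port must be identical.
function sameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Legacy document.domain relaxation (same scheme and port assumed): two pages can
// script each other only if both set document.domain to the same value, which must
// be a suffix of their own host. Setting it on one side alone breaks the match.
function canScriptAfterRelax(hostA, hostB, relaxedA, relaxedB) {
  const ok = (host, r) => r === undefined || domainMatches(host, r);
  if (!ok(hostA, relaxedA) || !ok(hostB, relaxedB)) return false;
  if (relaxedA === undefined && relaxedB === undefined) {
    return hostA.toLowerCase() === hostB.toLowerCase();
  }
  return relaxedA !== undefined && relaxedA === relaxedB;
}

const HOST_A = 'bafyplaceholdera.ipfs.gateway.example';   // constructed sibling 1
const HOST_B = 'bafyplaceholderb.ipfs.gateway.example';   // constructed sibling 2

// Walk through what site A can and cannot share with sibling site B.
function siblingSummary() {
  const hostOnly = storeCookie(HOST_A, 'session');                        // no Domain attribute
  const parentScoped = storeCookie(HOST_A, 'shared', 'gateway.example');  // Domain=gateway.example
  const foreign = storeCookie(HOST_A, 'bad', 'other.example');            // not a suffix of HOST_A
  return {
    sameOrigin: sameOrigin(`https://${HOST_A}/`, `https://${HOST_B}/`),                   // false
    hostOnlyCookieReachesB: cookieSentTo(hostOnly, HOST_B),                                // false
    parentScopedCookieReachesB: cookieSentTo(parentScoped, HOST_B),                        // true
    foreignDomainCookieStored: foreign !== null,                                           // false
    scriptsWithoutRelax: canScriptAfterRelax(HOST_A, HOST_B),                              // false
    scriptsOneSideRelaxed: canScriptAfterRelax(HOST_A, HOST_B, 'gateway.example'),         // false
    scriptsBothRelaxed: canScriptAfterRelax(HOST_A, HOST_B, 'gateway.example', 'gateway.example'), // true
  };
}
```

The result that matters for a gateway operator is `parentScopedCookieReachesB`: sibling subdomains are separate origins and do not share host-only cookies or storage, but a cookie set with `Domain=` the gateway's parent domain is sent to every sibling. Real browsers close that gap only if the gateway domain is listed on the Public Suffix List, which makes the jar reject such a `Domain` attribute the way it rejects `Domain=com`; this model has no PSL, so that check is outside what it shows. The `document.domain` path is legacy behaviour that current browsers are phasing out, and it also requires both pages to opt in.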
@danfinlay I think the most elegant solution would be if the solution implemented in ens-chrome-extension was used. Then there is also no need to even redirect a user. |
@danfinlay https://chrome.google.com/webstore/detail/ens-gateway-eth-domain-br/jkaiofboahfpipgijdgdmbdldlgcipgo Just found this extension written by @briansoule, maybe he can offer some insights. |
@decanus Oh really, it preserves the URL and doesn't do a redirect? I'm amazed we hadn't seen that yet. Thanks for bringing it up! @PhyrexTsai! |
@danfinlay @decanus Happy go to through the tech with you and possibly merge it into Metamask |
@briansoule is the extension open source? |
Not currently, we were planning on open sourcing it. Wanna jump on a call tomorrow? |
Sure, send me a mail dean@ens.domains, let's get @danfinlay to join us. |
@decanus @danfinlay I also built surrounding tools to look up the information of the corresponding domains, link: https://explorer.portal.network |
Issue Status: 1. Open 2. Started 3. Submitted 4. Done This issue now has a funding of 300.0 DAI (300.0 USD @ $1.0/DAI) attached to it as part of the Ethereum Foundation fund.
|
Issue Status: 1. Open 2. Cancelled Work has been started. These users each claimed they can complete the work by 8 months, 4 weeks ago. 1) chandrumoses has applied to start work. I did not understand the requirement but will sort it out during development. Integrate functionality from the ENSGateway browser extension, to resolve sites with a non-redirected url. Learn more on the Gitcoin Issue Details page. |
Hey @briansoule you're good to go on this! |
@briansoule Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
|
@briansoule are you working on this? If not, let's re-open to see if anyone else has the bandwidth! |
@bdresser I don't think he's working on it and I haven't been able to get a hold of him. |
@ceresstation or @vs77bb could you remove @briansoule from the bounty so someone else can pick it up? |
Sorry guys, haven't had time. I endorse this
|
@bdresser what is the status of this issue? |
@decanus it's not currently being worked out. Bounty has expired if you're willing to extend it @ceresstation. |
It looks like we're picking this up internally. @briansoule would you still be willing to share anything about your implementation for the ENS Gateway extension? Feel free to drop me an email: erik.marks@consensys.net |
Will shoot you an email Erik
|
Issue Status: 1. Open 2. Cancelled The funding of 300.0 DAI (300.0 USD @ $1.0/DAI) attached to this issue has been cancelled by the bounty submitter
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done This issue now has a funding of 300.0 DAI (300.0 USD @ $1.0/DAI) attached to it.
|
⚡️ A tip worth 300.00000 SAI (300.0 USD @ $1.0/SAI) has been granted to @pldespaigne for this issue from @rekmarks. ⚡️ Nice work @pldespaigne! To redeem your tip, login to Gitcoin at https://gitcoin.co/explorer and select 'Claim Tip' from dropdown menu in the top right, or check your email for a link to the tip redemption page.
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done This Bounty has been completed. Additional Tips for this Bounty:
|
Describe the issue
Using `gateway.ipfs.io` when resolving `ENS` sites is dangerous. It allows all `dapps` to have access over each other's cookies as well as over the local storage. Research should be done into how this could be mitigated in order to protect users.
Depending on how the new metamask opt-in feature works, this may also be dangerous. If it is domain wide, all dapps called through their `ENS` name are automatically permitted to use metamask.
Could this be done by potentially adding a custom host to a user's `hosts` file that resolves all `*.ens` domains to a custom local server which then simply replaces content?
Potentially helpful examples