Kevin Beaumont

Mastodon has a few structural weaknesses when it comes to security vulnerabilities:

- if you can get RCE, you can suspend every federated instance. That forces remote unfollow of all users. Restoring your server from backup doesn’t fix that.

- there’s no auto update feature and/or one click upgrade for admins

- admins have bolted on patches galore - eg search patches, UI changes etc - which makes upgrading more complex

21 comments
Rairii

@GossiTheDog if you can get RCE you can just run the command to tell every remote server that your server is shutting down permanently, so...

Kevin Beaumont

@Rairii exactly. There’s a toxic mix of problems, honestly.

Noah Bailey

@GossiTheDog I think there should be a bit more user-interactivity for profile redirects, server self destructs, defederations, etc. Even if it’s just a notification every week or so that tells you what users have changed instances, profiles disappeared, and any other stuff that changes that a person might not really notice otherwise.

Sofie :verified_gay:

@GossiTheDog Further

- with access to a moderator account/RCE you can effectively suspend every account as well, making all accounts unrecoverable from backup.

A solution would be similar to GPG, where the secret server keys are derived from a master key not online/accessible to the server. Currently I don't think Mastodon's code supports off-server key-master derivations. :blobfoxnotlikethis:

Wander ΘΔ :verified_paw:

@nloveladyallen got it! Thank you. Although by that point I'd be more worried about leaking sensitive data. Also, if an attacker gets access to the account keys, they can send massive amounts of spam in your name and there's no way to recover from that either.

AC Nelson

@Wander
Remote Code Execution. Really big deal in the security world. Often rates a CVSS of 10
@GossiTheDog

atlan

@GossiTheDog
Remote Code Execution. Basically getting admin access to another server.

bri v0.2

@Wander remote code execution, ie an attacker using a vulnerability on a server to run (whatever) malicious code on that machine.

ティージェーグレェ

@Wander RCE = Remote Code Execution.

In terms of vulnerabilities and exploits, RCE is about as bad as it gets.

Local Code Execution, OTOH, requires an account local to the host at a minimum, less bad.

In some instances (e.g. if you have hardware level access) it may be nigh impossible to mitigate against entirely (e.g. "cold boot attacks").

Having written as much, RCEs are not a doomsday scenario. Such vulnerabilities and exploit conditions come up with some frequency. Patching typically remediates them.

@GossiTheDog

Marcus

@Wander @GossiTheDog "One of the most dangerous types of computer vulnerabilities. It allows an attacker to remotely run malicious code within the target system on the local network or over the Internet. Physical access to the device is not required. An RCE vulnerability can lead to loss of control over the system or its individual components, as well as theft of sensitive data."

The_Gibson :veilid:

@GossiTheDog

I'm just going to say it... This has been my biggest complaint about the mastodon software since I first started this place in 2017.

Upgrades are always a shitshow.

It needs to be a refined methodology, and it has always been an upgrade in which something always goes sideways.

Adrian Cochrane

@thegibson @GossiTheDog I sympathize, I've got an upgrade I'm struggling with!

Umar Pharouk 🇳🇬

@GossiTheDog I agree there should be a solution to these. How about bringing a one-click update, or separating updated files into a different folder?

Also, it would be good to see custom language translation files, so that when you apply a custom translation it overrides the original one.

thunderysteak@obsolete:~$

@GossiTheDog I've been trying to refine the Ansible Playbook for Mastodon deployment that can be used for automatic patching, but because of Mastodon constantly having to make you do special handling instructions, it's limited to very minor upgrades. Noticed it when I dogfooded my own code.

github.com/mastodon/mastodon-a

thunderysteak@obsolete:~$

@GossiTheDog but as long as there are no special handling instructions required, the playbook is basically a single touch upgrade solution
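The condition thunderysteak describes (an unattended upgrade is only safe when the release needs no special handling) can be turned into an explicit gate that an automation job runs before it touches anything. The script below is an added example written for this thread; it is not code from the mastodon-ansible playbook. The rule that only patch-level jumps are automated, the keyword list of release-note steps treated as manual, and the release-note snippets themselves are all assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the mastodon-ansible project: decide whether a
# Mastodon upgrade may run unattended. Policy (assumed, not Mastodon's):
#   1. only the patch component may change (4.2.9 -> 4.2.10, never 4.2 -> 4.3)
#   2. the release notes must mention none of the steps that need an operator
set -eu

# Turn "v4.2.10" or "4.2.10" into "4 2 10" so the caller can word-split it.
split_version() {
    printf '%s' "${1#v}" | tr '.' ' '
}

# Return 0 when current ($1) and target ($2) share major.minor and the target
# patch level is strictly newer. Both substitutions expand before `set --`
# rebinds the positional parameters to the six version components.
patch_level_only() {
    set -- $(split_version "$1") $(split_version "$2")
    [ "$1" -eq "$4" ] && [ "$2" -eq "$5" ] && [ "$6" -gt "$3" ]
}

# Steps that the thread calls "special handling instructions": schema
# migrations, runtime bumps, or anything that needs tootctl. This list is an
# assumption; tune it to what the playbook already automates.
MANUAL_STEP_PATTERN='db:migrate|db:post_migrate|Ruby [0-9]|Node\.js [0-9]|tootctl'

# Return 0 when the notes ($1) contain none of the manual-step markers.
notes_are_routine() {
    ! printf '%s\n' "$1" | grep -Eq "$MANUAL_STEP_PATTERN"
}

# Print "auto" when both checks pass, otherwise "manual" so a human looks first.
upgrade_mode() {
    if patch_level_only "$1" "$2" && notes_are_routine "$3"; then
        echo auto
    else
        echo manual
    fi
}

# Constructed release-note text, not real Mastodon changelog entries.
ROUTINE_NOTES='Fixed: error handling in the status serializer
Fixed: crash on polls with no options'
MIGRATING_NOTES='Changed: added an index on the accounts table
Upgrade notes: run RAILS_ENV=production bundle exec rails db:migrate'

upgrade_mode v4.2.9  v4.2.10 "$ROUTINE_NOTES"     # auto
upgrade_mode v4.2.9  v4.2.10 "$MIGRATING_NOTES"   # manual
upgrade_mode v4.2.10 v4.3.0  "$ROUTINE_NOTES"     # manual
```

In a playbook this would be a pre-task whose "manual" result fails the play, so the job stops before `git checkout` rather than after a half-applied upgrade; the keyword scan is deliberately conservative, since a false "manual" costs one operator review while a false "auto" is exactly the sideways upgrade the thread complains about.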
