coop-cloud-chaos-patchs
/
snikket-server
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add docs for update notifications

This commit is contained in:
Matthew Wild 2021-02-02 14:12:00 +00:00
parent 7ab1cec072
commit 3e62edfbe9
1 changed files with 101 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
docs/advanced/update_notifications.md Normal file
View File

@ -0,0 +1,101 @@
# Update notifications
This is an informational technical document about the update notification
system in Snikket server.
## Why are update notifications important?
It is now widely known that [outdated software][OWASP-A9] is one of the
biggest risk factors in securing systems on the internet. Therefore the
Snikket server will alert all admins to available updates and important
notices from the Snikket team.
We believe it is up to you to decide when and how to update your service.
But we will provide you with the tools you need to make that easy, fast
and painless.
## How are they implemented?
To preserve your privacy, private Snikket servers do not make requests
directly to our servers. Instead we put the necessary information about
current releases and security updates into our DNS records.
## Why did you choose DNS?
The obvious choice was HTTP, and this is how most traffic on the internet
is conveyed these days. But we opted for DNS due to the following advantages:
- DNS is designed for serving small amounts of data from one place to many
- Due to caching, and its connectionless nature, DNS is more scalable
- Queries will often travel via an intermediate resolver, so we
typically won't have access to your server's IP address
- A DNS query contains very little information, whereas HTTP will always
leak the IP address, and by default will often leak other headers.
But it also has some known downsides. In particular DNS is not secure by
default. Intermediaries may observe or drop the query, or even modify the
response.
The following conclusions were made about the downsides:
- Observability: an intermediary seeing outbound queries to our DNS
records may deduce that your server is running Snikket. This should
not be a problem in itself - there are many ways to detect if a server
is running Snikket (load up its web page for a start!).
- Availability: an intermediary may block queries for our DNS records.
This would prevent a server admin from receiving update notifications,
which is bad (they may be tricked into thinking they are up to date).
However using another protocol such as HTTP(S) would not prevent this
focused attack.
- Integrity: the data returned to the Snikket server may be modified or
spoofed by an intermediary. This would allow them to trigger false
update notifications. We have designed the system so that the risk is
minimized - the update notifications will always include a link to the
real announcement on snikket.org (if any). It is not possible to direct
admins to arbitrary URLs.
It is possible that in the future we will add support for DNSSEC or manually
sign the data provided in our DNS records.
It is also possible that we will move to another mechanism in the future, if
a more suitable one can be found.
## The details
Snikket releases are organized into 'channels', e.g. 'dev', 'alpha', 'beta',
'stable'. Your server will work out the channel it belongs to, and make a DNS
query to:
```
TXT _channel.update.snikket.net
```
The response will look like:
```
"latest=3"
"secure=2"
"msg=0"
```
This response indicates that version '3' is the latest, but version '2' is the
last release with no known security vulnerabilities is '2'. The `msg` field
allows us to send important announcements that may not be included in a release.
A Snikket server will use the returned information to determine whether the
administrators need to be notified, and generate a message if necessary. Since
the server has no further information, the message will include a link to the
relevant announcement on the snikket.org website by calculating the URL to use.
## Disabling update checks
We strongly recommend you leave update notifications enabled so that you are
notified promptly about important releases and announcements. However if you
plan to receive these another way, you may disable them by adding to your
snikket.conf:
```
SNIKKET_UPDATE_CHECK=0
```
[OWASP-A9]: https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities