2016-02-24 17:25:09 +01:00
|
|
|
********************
|
|
|
|
Security in Limnoria
|
|
|
|
********************
|
|
|
|
|
2016-02-24 18:50:18 +01:00
|
|
|
Some security features are disabled by default.
|
|
|
|
We know this is arguable, but enabling them would make it quite hard
|
|
|
|
to start using the bot.
|
|
|
|
This guide is for people who want to enable these features to make
|
|
|
|
their bot as secure as possible.
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
Limnoria (or Gribble or Supybot) have never been audited by a security
|
|
|
|
professional.
|
|
|
|
We do the best we can to make it secure, but we cannot guarantee it is
|
|
|
|
completely safe.
|
|
|
|
|
2016-02-24 17:25:09 +01:00
|
|
|
Trust in network operators
|
|
|
|
==========================
|
|
|
|
|
2016-02-24 18:33:32 +01:00
|
|
|
As you may know, it is possible to do anything from IRC, including loading
|
|
|
|
the Unix plugin and using the `@call` command.
|
|
|
|
The only safeguard is checking the user calling the commands is authenticated
|
|
|
|
as the owner of the bot; and network operators are able to spoof hostmasks
|
|
|
|
and collect your password, thus allowing them to execute commands as the
|
|
|
|
owner.
|
|
|
|
|
|
|
|
Although network operators of most well-known IRC networks are not known to
|
|
|
|
do that, you should be aware of that risk.
|
2016-02-24 17:25:09 +01:00
|
|
|
|
|
|
|
|
|
|
|
.. _security-ssl:
|
|
|
|
|
|
|
|
Network connections / SSL
|
|
|
|
=========================
|
|
|
|
|
|
|
|
Background on SSL certification validation
|
|
|
|
------------------------------------------
|
|
|
|
|
2016-02-24 18:45:28 +01:00
|
|
|
It is often believed using SSL magically makes impossible any attack on your
|
|
|
|
connection (from the bot to the server).
|
|
|
|
It is true that it prevents passive eavesdropping, but other attack methods
|
|
|
|
are still possible.
|
|
|
|
|
|
|
|
The main one involves man-in-the-middle, ie. someone acting as a proxy between
|
|
|
|
you (your bot, in that case) and the IRC network.
|
|
|
|
If certificates are not validated, the attacker can allow you to connect
|
|
|
|
to itself using their own SSL certificate, and you would never know about it.
|
|
|
|
|
|
|
|
This is why it is important to check the SSL certificate of the server
|
|
|
|
you connect to: an attacker cannot spoof a certificate, or the trust of
|
|
|
|
a Certificate Authority in a network's certificates.
|
|
|
|
|
|
|
|
Of course, this assumes there is no bug in your SSL library, the network's,
|
|
|
|
and the protocols involved.
|
2016-02-24 17:25:09 +01:00
|
|
|
|
|
|
|
Certificate validation in Limnoria
|
|
|
|
----------------------------------
|
|
|
|
|
|
|
|
Until version 2016.02.24, Limnoria did not support certificate validation.
|
|
|
|
Starting from this version, it is possible, but disabled by default, in order
|
|
|
|
to not break existing bot when updating.
|
|
|
|
|
|
|
|
Certificate validation can be enabled using this command::
|
|
|
|
|
|
|
|
@config supybot.protocols.ssl.verifyCertificates true
|
|
|
|
|
|
|
|
Available validation mechanisms are Certification Authorities and
|
|
|
|
fingerprint checking.
|
|
|
|
|
|
|
|
Certificate Authorities
|
|
|
|
-----------------------
|
|
|
|
|
2016-02-24 18:33:32 +01:00
|
|
|
By default, Limnoria only checks certificates using CA certificates installed
|
|
|
|
on your system. However, some networks use a CA that is not trusted by your
|
|
|
|
system, such as CACert.
|
|
|
|
|
|
|
|
Limnoria allows you to add a CA certificate for a network::
|
|
|
|
|
|
|
|
@config networks.NETWORKNAME.ssl.authorityCertificate /path/to/the/certificate.crt
|
|
|
|
|
|
|
|
Note that you are responsible for making sure this is the right certificate
|
|
|
|
for the CA, and trust this CA to sign correctly certificates valid for the
|
|
|
|
network's hostname(s).
|
|
|
|
|
2016-02-24 17:25:09 +01:00
|
|
|
|
|
|
|
Fingerprint checking
|
|
|
|
--------------------
|
|
|
|
|
2016-02-24 18:33:32 +01:00
|
|
|
Alternatively, for networks that do not use a CA, you can give Limnoria
|
|
|
|
the list of fingerprints of certificates used by the network::
|
|
|
|
|
|
|
|
@config supybot.networks.NETWORKNAME.ssl.serverFingerprints: <fingerprint1> <fingerprint2> ...
|
|
|
|
|
|
|
|
Adding fingerprints will disable CA verifications (useful if you do not
|
|
|
|
want to trust CAs).
|
|
|
|
|
|
|
|
Note that you are responsible for giving the correct list of fingerprints.
|
2016-02-24 17:25:09 +01:00
|
|
|
|
|
|
|
.. _ssl-python-versions:
|
|
|
|
|
|
|
|
Supported python versions
|
|
|
|
-------------------------
|
|
|
|
|
|
|
|
Fingerprint checking is available in all Python versions.
|
|
|
|
|
|
|
|
CA validation is available in Python 2, starting on 2.7.9; and
|
|
|
|
Python 3, starting on 3.4.
|