18:41 <abliss> So I'm trying out using the `/.sandstorm-token/` path instead of the Authorization header for accessing my matrix grain. It seems to work great, which is nice because some matrix clients already seem to allow the use of an extra path segment (whereas none of them support taking a webkeys from the server url and sticking it in the authorization header).

18:41 <isd> cool.

18:41 <abliss> However, I was kind of hoping that since sandstorm was taking its token out of the path segment, it would be able to pass on the original request's Authorization header into the app itself. That seems to not happen; I get no Auth header at all.

18:42 <abliss> Might it be resonable to forward the Auth header when using the token in the path? or is there too much risk of someone accidentally using both headers, and leaking the app's auth token back to itself? (which I suppose is thought to be bad, though I don't understand why)

18:43 <isd> Remind me why you need to inspect the auth header again?

18:44 <isd> Maybe you could put a proxy in front of the matrix http endpoint that looks at the X-Sandstorm-* headers and maps those to auth headers which it passes on to matrix inside the grain?

18:45 <abliss> incoming requests from outside sandstorm want to use the auth header (either for a client app, or for a federated server request).

18:46 <abliss> Right now, since I'm using apache to proxy the short url to the long sandstorm url, i can add a mod_header rewrite to change Authorization to X-Original-Authorization, and then add another apache inside the grain to change it back before sending it to the app. but that's kind of a bummer.

18:50 <isd> Authorization header in a database, and then injects that into the request before passing it on to the matrix server?

18:50 <isd> I guess what I'm thinking is, for client->server, can we rig it up so that the client submit's Sandstorm's authorization header (generated via the usual offer iframe mechanism), Sandstorm then makes the request into the grain having stripped off the auth header but inserted user info via the bridge's X-Sandstorm-* headers, then we put some daemon in front of the matrix server that looks at those headers, finds a corresponding

18:50 <isd> I'm less clear on how server->server works

18:53 <isd> This is not far off from what powerbox-http-proxy does; it maintains a mapping in a db of domain -> capability for that domain

18:53 <abliss> matrix clients want to use the auth given to them from the matrix server. injecting a custom auth token would be an invasive change to every client app.

18:53 <isd> Ah, I see.

18:55 <isd> I do think docs should more clearly articulate what the thread model is re: letting grains see their own auth tokens; other than a generic POLA thing I'm not sure I see a serious problem either.

18:55 <isd> And it would definitely be useful in some circumstances.

18:56 <isd> Maybe kentonv can weigh in on this.

18:58 <kentonv> if a grain can see its own tokens than leaking a capability to itself is reduced to leaking bits

18:59 <isd> Aha, that makes sense.

19:00 <kentonv> granted, it's a fairly paranoid policy most of the time, but there are use cases where people might care about this.

19:02 <kentonv> in an ideal world, secret bits would never be exchangeable for a capability in themselves. Everything would operate like CapTP / Cap'n Proto with the Four Tables.

19:03 <kentonv> but in that case, I guess displaying a capability back to the user would be even more complicated.

19:04 <abliss> isd: maybe you could expand on "leaking a capability to itself is reduced to leaking bits" if it makes sense to you? Because I don't get it.

19:07 <abliss> Hm, my plan to smuggle the original Authorization header in another header seems not to work. Does sandstorm only forward headers on some explicit allowlist?

19:07 <isd> abliss: web-session.capnp is your authoritative reference.

19:07 <kentonv> so, some people want their Sandstorm gains to be unable to communicate with the outside world at all

19:07 <isd> There's a prefix like x-sandstorm-app- or something you can use.

19:07 <kentonv> but preventing low-bandwidth covert side channels is pretty much impossible

19:08 <kentonv> if a grain can get a token that represents access to itself, then it can leak that token via a low-bandwdith side channel in order to create a high-bandwidth channel

19:08 <abliss> isd: awesome, thanks, x-sandstorm-app- works

19:09 <isd> Not 100% sure that's the correct prefix, but it's documented in the capnp file.

19:09 <kentonv> moreover if a grain can get a token to itself that represents the authority of one particular user of the grain, and then can leak that to some other user or non-user, the recipient can impersonate the first user for the purpose of audit logs, etc.

19:11 <abliss> presumably you mean audit logs not written by the grain itself, because then why bother, but instead audit logs written by some higher level like sandstorm itself?

21:44 <isd> Hm, what does Sandstorm do if you supply both a bogus Authorization header and a _correct_ token in the path? I would expect the answer to be reject the request, but if it accepted it, you could do the proxy thing I described above and just rely on the fact that the Authorization header will be ignored...

21:45 <isd> But, all of this is contingent on Sandstorm not working the way I expect...

21:47 <isd> Ok, yeah, it only falls back to the path if the Authorization header is _absent_

21:48 <isd> ...though I guess we could invert the logic, so it just checks the path first... shrug

21:48 <abliss1> it seems to strip the authorization header.

21:50 <abliss1> i would love if it could be inverted so that when the path is present, the authorization header gets passed along as-is. but this does seems likely to leak a token in a misconfigured client.

21:51 <isd> What I would do: put a small http proxy in front of the matrix server, that catches calls to login: https://matrix.org/docs/api/client-server/#!/Session32management/login

21:52 <isd> record the token, and then when it gets a subsequent requests, fetches that token out of the db (based on X-Sandstorm-* headers passed by the bridge), and adds it back to the request before passing it on to the matrix server.

21:52 <abliss1> that doesn't work for federation api calls, which never login.

21:52 <abliss1> but it's fine. i have apache rewriting the header when it proxies, and then i hacked the python request object to restore the header.

21:53 <abliss1> next i need to add in your proxy, which is gonna require routing requests to your websocket thingy

21:53 <isd> Right, this only gets as far as client->server.

21:53 <abliss1> and if i end up using apache or nginx for that (instead of trying to figure out how python's twisted framework can be forced to do it), i can also do the header restoration at that layer.

21:54 <abliss1> it looks like matrix federation does a weird thing where the incoming request includes in its Authorization header a crypto signature, and then my server has to reach out to the originating server to fetch its public key, to verify that the request is really authorized by their backend. so i need the proxy before i can get any further.

21:55 <abliss1> (it also means, kinda unfortunately, nobody will be able to contact you from server X unless you have first, while logged in, tried to contact someone at server X, so that the powerbox could pop up a domain authorization.)

21:56 <abliss1> (i'm thinking someday, when the proxy wants to fire to a new domain due to a backend api request or scheduled event, it'll be able to store up the request for later, and pop up a notification, so you can be notified that someone is trying to reach you, and log in to authorized the back-connect. something similar will be useful for adding a new feed to ttrss through a mobile app. but that can be tabled for later.)

22:08 <isd> Part of me thinks matrix is just an example of an app that just needs full network access (or arbitrary HTTP anyway) in order to work. I don't know if we can build a reasonable UX around it trying to stick to per-host approvals.

22:15 <JacobWeisz[m]> Is there a way to move that sanely into a system grain type design then?

22:16 <JacobWeisz[m]> Should Sandstorm servers support multiple Matrix servers, or should there be a system grain that provides a Matrix server for Matrix client apps on the user side to connect to?

22:17 <isd> abliss: I'm staring at the draft you put together the other week, and while we talked about doing the outreach thing with matrix, I'm tempted to suggest instead we reach out chris lemmer webber to put our heads together on activitypub; they're one of the primary authors of the spec and are also pretty nuts about capabilities, so that seems like an easy way to start thinking about how to make stuff fit while hopefully having to

22:17 <isd> do less convincing up front.

22:17 <JacobWeisz[m]> I am not sure if there is a strong use case for "every user on the server provides their own Matrix server", and our currently incomplete email solution is similar: Sandstorm handles the mail server and users install mail client apps.

22:18 <isd> I think you could sensibly have a system grain that can fulfill requests for matrix client connections or such.

22:20 <abliss1> i can see a system/driver grain which exposes a capability like "given a matrix domain, fetch its public key". hard to imagine exfiltrating much data through that, so it could be permissionless, and might allow for any incoming federation request to be servicable without user interaction.

22:20 <isd> Office hours tonight. I'll post a new page and we can talk more about this then; I've got to help with dinner in a few.

22:21 <JacobWeisz[m]> Okay.

22:22 <JacobWeisz[m]> I really think anything that needs outright network access should probably be imagined as a system grain with normal grains being clients.

22:24 <JacobWeisz[m]> It also possibly gives us a way to ensure the outside facing protocol for federation talks standard ActivityPub, Matrix, whatever, but then we are free to set our own rules with how users then interact with our system grain on the other side.

23:45 <abliss1> in the abstract, i like the sound of that. but it's very hard for me to think concretely about system/driver grains without a working example to examine.

23:55 <JacobWeisz[m]> I imagine basically a plugin system for a Sandstorm server. A system/driver grain would be like an addon for the core functionality of the server.

23:56 <JacobWeisz[m]> And of course, the system grain is sandboxed. So it shouldn't increase the attack surface of the Sandstorm server as a whole.

23:57 <JacobWeisz[m]> Sandstorm currently handles email (poorly) but email is a good example of something that could possibly be punted out to a system grain.

23:58 <JacobWeisz[m]> The way Sandstorm handles inbound mail is that Sandstorm itself is the destination mail server, and then grains are basically mail clients that connect to it/receive mail from it.

23:58 <JacobWeisz[m]> As opposed to each user having their own mail server grains.