What could a malicious discovery or relay server do?

The certificate isn’t really “private”. It can be seen by anyone listening on the wire and contains a public key. Though in general your assessment is correct.

I’m assuming you’re referring to the relay servers here. The discovery servers syncthing uses by default are run only by the Syncthing Foundation (they can be changed to self-hosted ones in the settings).

The obvious and realistic attack for both malicious discovery server and relay servers is denial of service: A relay server can refuse to relay data, hence preventing successful sync. A discovery server can refuse to hand out connection information (or hand out wrong information, which is equivalent), also preventing sync.

Other than that, there isn’t anything possible without an explicit security vulnerability.

For relay servers, most of the data transferred is TLS-encrypted between the two syncthing peers. A relay server trying to inject or modify data packets would immediately fail data authentication in golang’s TLS implementation and the connection would be shutdown.

There is an exception though: The syncthing peer also has to exchange control information with the relay server itself. This data is, perhaps confusingly, also TLS encrypted, but in this case the relay server is the other end of the connection and hence can read the plain data. A security vulnerability in the relay protocol or its implementation might have more severe consequences. However, note that syncthing is written in Go, a memory safe language, which automatically prevents many common software vulnerabilities such as buffer overflow attacks. There has been one reported security vulnerability in the relay protocol implementation in the past, resulting in a client crash without data leaks.

The discovery server speaks HTTPS with the syncthing client. The implementation is golang’s standard HTTP client. Only connection metadata is exchanged via it. Its primary point of concern is privacy, since it can track IP addresses over a period of time (possibly geoprofiling users).

The TLS and http implementations used in syncthing are both widely used and were written by security professionals working for Google.

6 Likes