
[Bug] Taildrop between un-tagged and tagged nodes works #2462

Open
3 of 4 tasks
lukaslindnermusic opened this issue Mar 4, 2025 · 1 comment
Labels
bug Something isn't working no-stale-bot tags

Comments

@lukaslindnermusic

Is this a support request?

  • This is not a support request

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I just tried to send a file from my VPS (that has the tag tag:server) to my MacBook (that has no tags assigned). And it worked. Without any intervention, it straight up placed the file in my Downloads folder.
The server-tagged devices are not allowed to talk to my personal devices, but fine, Taildrop ignores ACLs. But as the docs mention that you cannot use Taildrop to send files to and from nodes you have tagged, I think that this is a bug.

Can anyone reproduce this?

Expected Behavior

According to https://tailscale.com/kb/1106/taildrop, Taildrop permits you to share files between devices that you are logged in to, even if ACLs are used to restrict access to the devices. You cannot use Taildrop to send files to and from nodes you have tagged.

Therefore, it should not be possible to send files from tagged nodes to un-tagged nodes and vice versa.

(It also would be amazing if there could be a flag in the config to disable Taildrop completely, as this is also possible to disable in the Tailscale Admin Console. I will create a separate feature request for that.)

Steps To Reproduce

  1. Access a node that has a tag assigned.
  2. Prepare the tailnet IP of a target device without tags.
  3. Use `sudo tailscale file cp <yourfile.png> <target-ip>:`
  4. If the target is Linux, use `sudo tailscale file get` to see if it arrives. On macOS it should already land in the Downloads folder right away.

Environment

- OS: Ubuntu 24.04
- Headscale version: v0.25.1
- Tailscale version: 1.80.2 / 1.80.1

Runtime environment

  • Headscale is behind a (reverse) proxy
  • Headscale runs in a container

Anything else?

No response

@lukaslindnermusic lukaslindnermusic added the bug Something isn't working label Mar 4, 2025
@kradalby kradalby added the tags label Mar 16, 2025
@kradalby
Collaborator

You are right, this does not conform with upstream. I've attached this to our tags tracking bug; the plan is to go over the whole tag system, as it is broken in several ways.
