[tahoe-dev] XSRF attacks -- we need to do something about v0.5

zooko ZOOKO at zooko.com
Tue Aug 21 11:57:44 PDT 2007


I just realized that the v0.5 release announcement [1], sent out last  
Friday, says:

Because this software is new, it is not yet recommended for storage of
highly confidential data nor for important data which is not otherwise
backed up. Given that caveat, this software works and there are no
known security flaws which would compromise confidentiality or data

However, thanks to nejucomo, we *do* know of a security flaw which  
would compromise confidentiality or integrity.

In order to be honest with our users and potential users, we should  
add a note to the http://allmydata.org front page, which says  
something like:

The v0.5 release of Tahoe is vulnerable to an XSRF attack.  An XSRF
-- or "Cross-Site Reference Forgery" -- attack is one in which an
attacker creates an innocuous-looking hyperlink, and if a user clicks  
on that hyperlink then it causes deletion or theft of the user's  
data.  We are working on a fix for this problem, and in the meantime  
if you have stored any private or precious data on a tahoe grid, then  
you can make sure that you are not exposed to this threat by shutting  
down your tahoe node before browsing the web.

As usual, I want Brian's feedback on this proposal.



[1] http://allmydata.org/trac/tahoe/browser/relnotes.txt?rev=1129
