[tahoe-dev] Authority to DoS via WAPI
zooko
zooko at zooko.com
Sun Jan 18 10:30:34 PST 2009
Thanks, Toby!
I applied your patch, [3440], and I have the following comments or
requests about it:
1. Please add doc to
http://allmydata.org/trac/tahoe/browser/docs/configuration.txt
about this option. Possibly in
http://allmydata.org/trac/tahoe/browser/docs/frontends/webapi.txt as well.
2. Do I understand correctly that this prevents people from doing
any PUTs or POSTs to URLs that begin with "uri/"? That seems just
about right -- it prevents adding new files or changing the contents
of files even if you know the write-cap to a file or a directory.
But what about the check, verify, repair, manifest, and stats
commands listed at the end of webapi.txt? I'm not 100% sure why we
made these available through POST instead of through GET -- perhaps
because they have the "side effect" of causing a potentially large
amount of CPU, network, and disk work even though they don't have any
"side effects" on the filesystem graph of directories and files.
Currently, if web.ambient_upload_authority is false then you can't do
those check, repair, etc. operations. Is that what you intend?
3. Maybe for the test we could use du() from fileutil
(http://allmydata.org/trac/tahoe/browser/src/allmydata/util/fileutil.py ,
also known as
http://allmydata.org/trac/pyutil/browser/pyutil/pyutil/fileutil.py )
to assert that the filesystem usage on the server isn't
greater after the client attempted to upload something.
Regards,
Zooko
patches mentioned in this e-mail:
http://allmydata.org/trac/tahoe/changeset/3440
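
The disk-usage assertion proposed in point 3, as an added example that is not part of the original message, the patch, or the Tahoe code base. Assumptions: `du` is a local stand-in for the fileutil helper, and `handle_request`, its return strings and the storage layout are hypothetical, modelling only the behaviour asked about in point 2 (PUT/POST to URLs beginning with "uri/" refused when `web.ambient_upload_authority` is false).

```python
import os
import tempfile


def du(basedir):
    """Total bytes of regular files under basedir (stand-in for fileutil.du)."""
    total = 0
    for root, _dirs, files in os.walk(basedir):
        for name in files:
            path = os.path.join(root, name)
            if not os.path.islink(path):
                total += os.path.getsize(path)
    return total


def handle_request(storage_dir, method, path, body, ambient_upload_authority):
    """Hypothetical web front end; not Tahoe's real handler.

    With ambient upload authority off, PUT/POST to paths beginning with
    "uri/" are refused before any bytes reach storage.
    """
    if method in ("PUT", "POST") and path.startswith("uri/"):
        if not ambient_upload_authority:
            return "refused"
        name = "share-%d" % len(os.listdir(storage_dir))
        with open(os.path.join(storage_dir, name), "wb") as f:
            f.write(body)
        return "stored"
    return "ignored"


def usage_delta_for_upload(ambient_upload_authority, body=b"x" * 4096):
    """Return (outcome, bytes added to storage) for one upload attempt."""
    with tempfile.TemporaryDirectory() as storage_dir:
        # Constructed pre-existing share, so the "before" figure is non-zero.
        with open(os.path.join(storage_dir, "share-existing"), "wb") as f:
            f.write(b"y" * 1024)
        before = du(storage_dir)
        outcome = handle_request(storage_dir, "PUT", "uri/", body,
                                 ambient_upload_authority)
        return outcome, du(storage_dir) - before


if __name__ == "__main__":
    print(usage_delta_for_upload(False))
    print(usage_delta_for_upload(True))
```

Comparing usage before and after, rather than checking only the response, catches a handler that answers with a refusal but has already written part of the body to disk.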