[tahoe-dev] [tahoe-lafs] #995: It's way too easy to give away write directory caps
tahoe-lafs
trac at tahoe-lafs.org
Mon Dec 13 06:39:38 UTC 2010
#995: It's way too easy to give away write directory caps
-----------------------------------+----------------------------------------
Reporter: jsgf | Owner: nobody
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: code-frontend-web | Version: 1.6.0
Resolution: | Keywords: wui jsui usability confidentiality capleak
Launchpad Bug: |
-----------------------------------+----------------------------------------
Comment (by zooko):
A user accidentally pasted a cap to private data to IRC just now. It
wasn't a directory, and they hadn't intended to give away read-access at
all, but they accidentally gave away read+write access. The fact that the
file happened to be mutable (which it arguably shouldn't have been since
the content wasn't intended to change) was the only saving grace -- the
user was able to overwrite the file in order to remove the original data
from public access.
The contents that were originally in the file were apparently BitCoins,
which are inherently valuable, so the user was glad to be able to hide
them.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/995#comment:12>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage