[tahoe-dev] [tahoe-lafs] #956: embed security metadata in parent directory

tahoe-lafs trac at allmydata.org
Sun Feb 14 22:06:49 PST 2010


#956: embed security metadata in parent directory
----------------------------------------------+-----------------------------
 Reporter:  zooko                             |           Owner:           
     Type:  defect                            |          Status:  new      
 Priority:  major                             |       Milestone:  undecided
Component:  code-dirnodes                     |         Version:  1.6.0    
 Keywords:  mutable newcaps newurls metadata  |   Launchpad_bug:           
----------------------------------------------+-----------------------------
 #954 (revoke write authority), #955 (use client-side storage to defend
 against rollback attack) and not-yet-ticketed "LAFS 301 Moved Permanently"
 all involve a small fixed amount of metadata.

 A "highest known version number" for a mutable file or directory, which
 according to #955 could be stored in a client to prevent that client from
 perceiving a rollback could ''also'' be stored in a parent directory which
 links to that mutable file or directory, thus preventing someone who
 accesses the file through that parent directory from seeing a rollback to
 a version earlier than the most recent known version when that child link
 was last updated.

 A LAFS 301 Moved Permanently marker has to be stored in the shares with
 the file content itself, but it could ''also'' be copied into a parent
 directory that linked to that file, thus optimizing out a round trip to
 the old location and also preventing a rollback attack from undoing the
 Moved Permanently (from the perspective of someone accessing the file
 through that parent directory).

 Likewise, a write-authority-revocation marker, a.k.a. a "petrification
 marker" has to live in the shares next to the file contents itself, but it
 could ''also'' be copied into a directory which links to that file,
 preventing rollback attack from unpetrifying the file (from the
 perspective of someone accessing the file through that parent directory).

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/956>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid


More information about the tahoe-dev mailing list