[tahoe-dev] [tahoe-lafs] #956: embed security metadata in parent directory
tahoe-lafs
trac at allmydata.org
Sun Feb 14 22:06:49 PST 2010
#956: embed security metadata in parent directory
----------------------------------------------+-----------------------------
Reporter: zooko | Owner:
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: code-dirnodes | Version: 1.6.0
Keywords: mutable newcaps newurls metadata | Launchpad_bug:
----------------------------------------------+-----------------------------
#954 (revoke write authority), #955 (use client-side storage to defend
against rollback attack) and not-yet-ticketed "LAFS 301 Moved Permanently"
all involve a small fixed amount of metadata.
A "highest known version number" for a mutable file or directory, which
according to #955 could be stored in a client to prevent that client from
perceiving a rollback could ''also'' be stored in a parent directory which
links to that mutable file or directory, thus preventing someone who
accesses the file through that parent directory from seeing a rollback to
a version earlier than the most recent known version when that child link
was last updated.
A LAFS 301 Moved Permanently marker has to be stored in the shares with
the file content itself, but it could ''also'' be copied into a parent
directory that linked to that file, thus optimizing out a round trip to
the old location and also preventing a rollback attack from undoing the
Moved Permanently (from the perspective of someone accessing the file
through that parent directory).
Likewise, a write-authority-revocation marker, a.k.a. a "petrification
marker" has to live in the shares next to the file contents itself, but it
could ''also'' be copied into a directory which links to that file,
preventing rollback attack from unpetrifying the file (from the
perspective of someone accessing the file through that parent directory).
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/956>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
More information about the tahoe-dev
mailing list