[tahoe-lafs-trac-stream] [tahoe-lafs] #1528: escalation of authority from knowing a storage index to being able to delete corresponding shares
tahoe-lafs
trac at tahoe-lafs.org
Tue Sep 13 15:10:04 PDT 2011
#1528: escalation of authority from knowing a storage index to being able to
delete corresponding shares
-------------------------+-------------------------------------------------
Reporter: zooko | Owner: davidsarah
Type: defect | Status: closed
Priority: | Milestone: 1.8.3
critical | Version: 1.9.0a1
Component: code- | Keywords: security preservation anti-
storage | censorship storage leases
Resolution: fixed |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by zooko@…):
In [5257/trunk]:
{{{
#!CommitTicketReference repository="trunk" revision="5257"
immutable: prevent clients from reading past the end of share data, which
would allow them to learn the cancellation secret
Declare explicitly that we prevent this problem in the server's version
dict.
fixes #1528 (there are two patches that are each a sufficient fix to #1528
and this is one of them)
}}}
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1528#comment:8>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list