[tahoe-lafs-trac-stream] [tahoe-lafs] #1198: Bogus tub location causes introducer error

tahoe-lafs trac at tahoe-lafs.org
Thu Oct 17 17:00:07 UTC 2013 

#1198: Bogus tub location causes introducer error
-------------------------------+-------------------------------------------
     Reporter:  akp            |      Owner:
         Type:  defect         |     Status:  new
     Priority:  major          |  Milestone:  soon
    Component:  code-          |    Version:  1.4.1
  frontend-web                 |   Keywords:  error introducer security DoS
   Resolution:                 |
Launchpad Bug:                 |
-------------------------------+-------------------------------------------
Changes (by daira):

 * keywords:  error introducer => error introducer security DoS
 * milestone:  undecided => soon


Old description:

> I had a misconfiguration during my first attempt to connect to the
> "volunteergrid" and had my "tub.location" set to a directory
> (/home/tahoe/data) instead of a hostname.
>
> Unfortunately it looks like the introducer has remembered this
> misconfiguration and is unable to present its web interface:
> http://introducer.volunteergrid.org:8123/ currently says "<type
> 'exceptions.ValueError'>: unknown FURL prefix in
> 'pb://5el4pxsjpfi22zycs27wikrgaaxcn5jh@/home/tahoe/data/3mz2c7mmgsa6otlugokvv4ao4pu2h4eb'"
>
> I would think the introducer should ignore bogus entries like this.

New description:

 I had a misconfiguration during my first attempt to connect to the
 "volunteergrid" and had my "tub.location" set to a directory
 (/home/tahoe/data) instead of a hostname.

 Unfortunately it looks like the introducer has remembered this
 misconfiguration and is unable to present its web interface:
 http://introducer.volunteergrid.org:8123/ currently says "<type
 'exceptions.ValueError'>: unknown FURL prefix in
 'pb://5el4pxsjpfi22zycs27wikrgaaxcn5jh@/home/tahoe/data/3mz2c7mmgsa6otlugokvv4ao4pu2h4eb'"

 I would think the introducer should ignore bogus entries like this.

--

Comment:

 Huh, this is a serious bug (that any client can cause an introducer DoS,
 even unintentionally). Does it still exist?

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1198#comment:3>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage

More information about the tahoe-lafs-trac-stream mailing list