[tahoe-lafs-trac-stream] [Tahoe-LAFS] #3763: Potential issues with `PUT /v1/lease/:storage_index` in GBS protocol
Tahoe-LAFS
trac at tahoe-lafs.org
Wed Aug 18 14:39:42 UTC 2021
#3763: Potential issues with `PUT /v1/lease/:storage_index` in GBS protocol
--------------------------+-----------------------------------
Reporter: itamarst | Owner: exarkun
Type: task | Status: new
Priority: normal | Milestone: HTTP Storage Protocol
Component: unknown | Version: n/a
Resolution: | Keywords:
Launchpad Bug: |
--------------------------+-----------------------------------
Comment (by exarkun):
Some more background related to lease cancellation:
{{{
commit 5476f67dc1177a26b69fd67fbe589842f065d482
Author: Zooko O'Whielacronx <zooko at zooko.com>
Date:   Mon Sep 12 15:23:31 2011 -0700

    storage: remove the storage server's "remote_cancel_lease" function

    We're removing this function because it is currently unused, because
    it is dangerous, and because the bug described in #1528 leaks the
    cancellation secret, which allows anyone who knows a file's storage index
    to abuse this function to delete shares of that file.

    fixes #1528 (there are two patches that are each a sufficient fix to
    #1528 and this is one of them)

commit 65de17245da26a4ce00aa7c441d6bf81464a6e65
Author: Zooko O'Whielacronx <zooko at zooko.com>
Date:   Mon Sep 12 15:23:24 2011 -0700

    storage: test that the storage server does *not* have a
    "remote_cancel_lease" function

    We're removing this function because it is currently unused, because
    it is dangerous, and because the bug described in #1528 leaks the
    cancellation secret, which allows anyone who knows a file's storage index
    to abuse this function to delete shares of that file.

    ref. #1528

commit cffc98780414760c8d5f751c5841856b3207cce3
Author: Zooko O'Whielacronx <zooko at zooko.com>
Date:   Mon Sep 12 15:12:01 2011 -0700

    immutable: test whether the server allows clients to read past the end
    of share data, which would allow them to learn the cancellation secret

    Also test whether the server explicitly declares that it prevents this
    problem.

    ref #1528
}}}
ticket:1528
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3763#comment:7>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage