Opened at 2012-01-09T04:44:37Z
Last modified at 2012-01-19T05:56:19Z
#1654 closed defect
placeholder — at Version 2
| Reported by: | warner | Owned by: | nobody |
|---|---|---|---|
| Priority: | supercritical | Milestone: | 1.9.1 |
| Component: | code-mutable | Version: | 1.9.0 |
| Keywords: | integrity mutable | Cc: | |
| Launchpad Bug: |
Description (last modified by warner)
This is the ticket where we will track the details of a failure of assurance of integrity. For now, here is the announcement:
Dear Tahoe-LAFS Users: Kevan Carstensen of the Tahoe-LAFS core team has discovered a security vulnerability in Tahoe-LAFS v1.9.0 which would allow a sufficiently clever attacker to corrupt the retrieval of mutable files or directories which are retrieved with v1.9.0 or, in some cases, to corrupt the stored copy of mutable files or directories which are updated with v1.9.0. The recommended defensive action for all users is to downgrade to v1.8.3, or to refrain from using mutable files (either SDMF or MDMF) with 1.9.0. A FAQ about downgrading from 1.9.0 to 1.8.3, which was written before we discovered this critical security vulnerability, is here: https://tahoe-lafs.org/pipermail/tahoe-dev/2011-December/006905.html The FAQ is no longer accurate about 1.9.0 being free of dangerous flaws, but it is still accurate about 1.8.3 being free of compatibility problems. We'll be providing a patch soon. We are still writing tests for it and searching for other similar bugs and so on. Of course, as soon as we release the patch, this will inform any attackers of exactly what they could do to users of 1.9.0. Therefore, if there are any users who are especially security-sensitive, then they should downgrade to 1.8.3 before we release the patch, or else they should suspend their use of mutable files and directories until we released the patch and they've applied it. Once we are ready to publish the details of the issue we will post them to this issue tracker ticket: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654 Please feel free to contact me with any questions or concerns, using GPG encryption. Please Cc: Brian Warner, David-Sarah Hopwood, and Kevan Carstensen on all such email. Regards, Zooko Wilcox-O'Hearn, on behalf of the Tahoe-LAFS core team GPG fingerprints: Brian Warner <warner-tahoe@lothar.com> 967E FE06 6998 7241 1A77 DF36 D43B 4C9C 7322 5AAF David-Sarah Hopwood <david-sarah@jacaranda.org> 3D6A 08E9 1262 3E9A 00B2 1BDC 067F 4920 98CF 2762 Kevan Carstensen <kevan@isnotajoke.com> 7E1E 99DB 97B1 DD5F 8154 5973 8E6B 2106 2425 D7AE Zooko Wilcox-O'Hearn <zooko@zooko.com> A60B 7EE1 7164 D0C5 F137 3868 5F22 F428 242B E85F
Change History (3)
comment:1 Changed at 2012-01-09T06:54:32Z by zooko
- Description modified (diff)
- Keywords integrity added
- Milestone changed from undecided to 1.9.1
- Priority changed from major to supercritical
Changed at 2012-01-09T06:55:02Z by zooko
comment:2 Changed at 2012-01-09T08:10:44Z by warner
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
fixed formatting of announcement, removed pubkeys, removed signature wrapper (not verifiable here)