#187 closed defect (duplicate)
security flaw: directory server can escalate read access into write access
| Reported by: | zooko | Owned by: | nobody |
|---|---|---|---|
| Priority: | critical | Milestone: | 0.7.0 |
| Component: | unknown | Version: | 0.6.1 |
| Keywords: | security access-control directory | Cc: | |
| Launchpad Bug: |
Description
The current scheme to prevent users who haven't been granted write access from writing updates to directories doesn't prevent the server that hosts the directory from writing to it if the server has been granted read access to the directory.
That is: the intent is that you can grant a person read-only access while withholding read-write access, and this intent works as far as the person doesn't control the directory server, but if you grant read access to the directory server then it can also gain write access, which wasn't intended.
For example, the current test grid is configured so that everyone uses the same directory server (because the vdrive.furl file that you put into your node directory before you launch your node points to that server). If you give one of the allmydata folks a read-only view on a directory of yours, we can use that read access plus our control of the directory server to change the contents of your directory.
Change History (2)
comment:1 Changed at 2007-11-01T17:09:48Z by zooko
- Resolution set to duplicate
- Status changed from new to closed
comment:2 Changed at 2007-11-01T18:12:49Z by zooko
- Milestone changed from 0.6.2 to 0.7.0
Milestone 0.6.2 deleted
Small Distributed Mutable Files will fix this. Merging into #197.