[tahoe-dev] XSRF attacks -- we need to do something about v0.5

zooko zooko at zooko.com
Thu Aug 23 19:29:10 UTC 2007


Following-up to my own post:

On Aug 22, 2007, at 9:40 AM, zooko wrote:

> By the way, it occurred to me that if the tahoe client didn't
> automatically map for you from the string "private" to the uri of
> your private vdrive's top-level directory, then this attack would not
> be able to disclose your confidential data.
>
> So, for example, we *could* patch v0.5 by removing that mapping!
>
> I'm not actually suggesting that we do this.  For one thing, it
> wouldn't prevent this attack from deleting your public data.  For
> another thing, people really benefit from being able to use the word
> "private" instead of a large random URI to refer to their private  
> data.

I was wrong about both of these.  This change does prevent an
attacker from deleting your public data, and the other solution that
we were considering also made the URLs less human-friendly for
editing, remembering, cutting-and-pasting, etc.

So, as per ticket #98, we've gone ahead with the "just don't have a
'/vdrive/private/' feature" for v0.5.1.

Regards,

Zooko

tickets mentioned in this message:

http://allmydata.org/trac/tahoe/ticket/98


