[tahoe-dev] Authority to DoS via WAPI

Toby Murray toby.murray at comlab.ox.ac.uk
Mon Jan 19 12:51:42 UTC 2009 

On Sun, 2009-01-18 at 11:30 -0700, zooko wrote:
> 1.  Please add doc to http://allmydata.org/trac/tahoe/browser/docs/ 
> configuration.txt about this option.  Possibly in http:// 
> allmydata.org/trac/tahoe/browser/docs/frontends/webapi.txt as well.

See the patch below.


diff -rc docs.orig/configuration.txt docs/configuration.txt
*** docs.orig/configuration.txt	2009-01-15 02:02:50.000000000 +0000
--- docs/configuration.txt	2009-01-19 12:31:37.000000000 +0000
***************
*** 70,75 ****
--- 70,89 ----
   With the default settings, http://127.0.0.1:3456/static/foo.html will serve
   the contents of $BASEDIR/public_html/foo.html .
  
+ web.ambient_upload_authority = (boolean, optional)
+ 
+  This controls whether a node's web server should provide "ambient"
+  upload/create authority by controlling whether it responds to PUT and
+  POST requests that do not contain a cap -- i.e. those for uploading
+  new unlinked files and creating new unlinked directories. If set to
+  True, a node will respond to these requests as usual.  If set to
+  False, a node will instead refuse these requests, returning an HTTP
+  status of 'Bad Request'.  The default value is True.
+ 
+  Note that setting this to False does not prevent performing operations
+  on files and directories that already exist, since all of these operations
+  require the presentation of a cap.
+ 
  tub.port = (integer, optional)
  
   This controls which port the node uses to accept Foolscap connections from
diff -rc docs.orig/frontends/webapi.txt docs/frontends/webapi.txt
*** docs.orig/frontends/webapi.txt	2009-01-15 00:09:22.000000000 +0000
--- docs/frontends/webapi.txt	2009-01-19 12:37:46.000000000 +0000
***************
*** 320,325 ****
--- 320,328 ----
   mutable file, and return its write-cap in the HTTP respose. The default is
   to create an immutable file, returning the read-cap as a response.
  
+  Note that this operation is available only when the configuration setting
+  'web.ambient_upload_authority' is not False (see configuration.txt).
+ 
  === Creating A New Directory ===
  
  POST /uri?t=mkdir
***************
*** 330,335 ****
--- 333,341 ----
   virtual drive. The "PUT" operation is provided for backwards compatibility:
   new code should use POST.
  
+  Note that these operations are available only when the configuration setting
+  'web.ambient_upload_authority' is not False (see configuration.txt).
+ 
  POST /uri/$DIRCAP/[SUBDIRS../]SUBDIR?t=mkdir
  PUT /uri/$DIRCAP/[SUBDIRS../]SUBDIR?t=mkdir
  
***************
*** 572,577 ****
--- 578,586 ----
   "false"), then the HTTP response body will simply be the write-cap of the
   new directory.
  
+  Note that this operation is available only when the configuration setting
+  'web.ambient_upload_authority' is not False (see configuration.txt).
+ 
  POST /uri/$DIRCAP/[SUBDIRS../]?t=mkdir&name=CHILDNAME
  
   This creates a new directory as a child of the designated SUBDIR. This will
***************
*** 616,621 ****
--- 625,632 ----
   the upload results page. The default is to create an immutable file,
   returning the upload results page as a response.
  
+  Note that this operation is available only when the configuration setting
+  'web.ambient_upload_authority' is not False (see configuration.txt).
  
  POST /uri/$DIRCAP/[SUBDIRS../]?t=upload

More information about the tahoe-dev mailing list