python-swiftclient

Possibility for data leakage when setting the same version location on separate containers

Bug #1138531 reported by Jasdeep Singh Hundal on 2013-03-01

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	python-swiftclient	In Progress	Wishlist	Elvis Teixeira

Bug Description

If you assign two containers to be versioned to the same container, you can get a leak where deleted objects in one container can be replaced by an old version of an object of the same name from the second container. Pretty sure this is not desireable behavior since this allows someone's versioned data to be lost by being moved to another container.

See original description

Jasdeep Singh Hundal (jasdeep-hundal) on 2013-03-01

description:

updated

Revision history for this message

Chmouel Boudjnah (chmouel) wrote on 2013-03-02: Re: [Bug 1138531] [NEW] Data leakage when setting the same version location on separate containers

Well if you have given this user access to this container (by the mean
of ACL i suppose) you should expect he can access all the data there.

Revision history for this message

Jasdeep Singh Hundal (jasdeep-hundal) wrote on 2013-03-02: Re: Data leakage when setting the same version location on separate containers

This is true, but at the very least, it'll be pretty surprising to see data you never put in a container show up in yours/somehow lose your versioned data to a different container. Granted this is undefined behavior right now...

Jasdeep Singh Hundal (jasdeep-hundal) on 2013-03-04

description:	updated
summary:	- Data leakage when setting the same version location on separate - containers + Possibility for data leakage when setting the same version location on + separate containers

Revision history for this message

Kun Huang (academicgareth) wrote on 2013-03-05:

I think if we can change .../object into account/container/object, it well be fixed.
I'm not sure. I'm checking it.

Revision history for this message

Samuel Merritt (torgomatic) wrote on 2013-03-05:

The place to fix this is in the client, IMHO. The client should set X-Container-Meta-Versions-For: somecontainer (or whatever header you want to use) when it turns on versioning, and if there's already one present, it should warn the user or abort the operation or something.

affects:	swift → python-swiftclient
Changed in python-swiftclient:
importance:	Undecided → Wishlist
status:	New → Confirmed

Revision history for this message

Jasdeep Singh Hundal (jasdeep-hundal) wrote on 2013-03-05:

Moreso opened this ticket for clarification, but fixing it with a X-Container-Meta-Versions-For header precludes the use of one versioning container for a variety of other containers (may be a valid use case for having all object backups to one container?). I'd prefer labeling previous versions with their account/container, with the migration path being defaulting to the old behavior for versions w/o the extra label.

Revision history for this message

Kun Huang (academicgareth) wrote on 2013-03-05:

sam,
The header is "X-Versions-Location". And the api own doesn't support such warning, which in swift codes.

Jasdeep,
I agree with using "account/container", and some codes maybe want to implement it but seems failed.
And I think the version container (contains versioned data) should store data as "account/container/fffobject/timestamp", which is more readable and fix this bug.

Changed in python-swiftclient:
assignee:	nobody → Kun Huang (academicgareth)
assignee:	Kun Huang (academicgareth) → nobody

Elvis Teixeira (elvis-teixeira) on 2015-02-06

Changed in python-swiftclient:
assignee:	nobody → Elvis Teixeira (elvis-teixeira)

Revision history for this message

Elvis Teixeira (elvis-teixeira) wrote on 2015-02-12:

I have prepended the source container name to the versioned object to
be stored, a patch was submitted

Revision history for this message

Elvis Teixeira (elvis-teixeira) wrote on 2015-02-24:

Mr. Samuel Merritt warned me that my change would break compatibility with existing
code, and jenkins tests failed because they expeced the old-fashioned logic. I have a new
change proposal that includes backwards comatibility and the corresponding changes in the
test cases. I am commiting it now.

Elvis Teixeira (elvis-teixeira) on 2015-02-26

Changed in python-swiftclient:
status:	Confirmed → In Progress

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.