Comment 0 for bug 1453948
Revision history for this message
| clayg (clay-gerrard) wrote all PUT tempurls leak existence via DLO manifest attack | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
If you get a PUT tempurl you can use DLO's to find objects in the container, or in the account.
If you are allowed to upload a DLO via PUT tempurl and the application that generated the tempurl believes it safe to generate a GET tempurl for the data they just authorized you to upload - they may accidentally authorize you to download any previously discovered data.
We should now allow uses to PUT DLO's via tempurl - it's currently insecure because of the existence leak attack; and can be difficult to reason about safely for application authors generating tempurls.