Comment 17 for bug 1196932
Revision history for this message
| John Dickinson (notmyname) wrote Re: Possibly DoS attack using object tombstones | #17 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
Whoops. Further discovery has revealed that the listdir that matters (line 216 of obj/server.py) is not in a threadpool. This means threadpools don't help.
I vote for keeping this a security issue because it would allow an attacker to hang a storage node (as Peter described with DELETEs and GETs) or to cause replication and general cluster performance issues by creating so many filesystem objects.