author | 2016-04-28 16:07:10 -0400 |
---|---|
committer | 2016-04-28 16:07:10 -0400 |
commit | ee5a28cc2e2a5821aac4ad07662d0b424235d072 |
tree | 83078fbf277a7829149f9c99d8a1db8c6559c88f /doc |
parent | c4185df50827608161d6c93fc7ed2dbd3bc91257 |
correction of scope of security problem
AFAICS, it's not only affecting resumes, but any upload to a special remote
with chunking enabled.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment b/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment index e50f00afb..7fb3b08e5 100644 --- a/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment +++ b/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment @@ -10,9 +10,6 @@ non-chunked form, since a remote can be reconfigured to add chunking. So it's nothing to worry about. The lack of encryption of the key when checking to resume is definitely a -bug. A bit of a security bug too, although it only happens when resuming -uploads. (I double checked the other operations and they all encrypt keys) -I suppose that if the server was hostile, it could randomly make -uploads fail, in order to get git-annex to expose content keys via -this bug when resuming. +bug. A bit of a security bug too. +(I double checked the other operations and they all encrypt keys) """]] |
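Review bot: The replacement line "+bug. A bit of a security bug too." drops the old scope ("it only happens when resuming uploads") without stating the corrected one, so the comment no longer says which operation sends the key unencrypted. The commit message gives the corrected scope as any upload to a special remote with chunking enabled; that sentence belongs in the comment text itself, not only in the commit log. The retained line "(I double checked the other operations and they all encrypt keys)" also loses its referent, because "other" was relative to resuming uploads; naming the affected operation would make clear what was checked. The removed hostile-server paragraph was the only description of how the exposure could be triggered, so consider keeping a one-line statement of impact (content keys are exposed to the remote) in its place.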