File: known_issues.rst.rej

package info (click to toggle)
tahoe-lafs 1.9.2-1
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 7,240 kB
  • sloc: python: 71,758; makefile: 215; lisp: 89
file content (61 lines) | stat: -rw-r--r-- 2,581 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
--- docs/known_issues.rst
+++ docs/known_issues.rst
@@ -14,10 +14,9 @@
 .. _the "historical known issues" document: historical/historical_known_issues.txt
 
 
-Known Issues in Tahoe-LAFS v1.9.0, released 31-Oct-2011
+Known Issues in Tahoe-LAFS v1.9.1, released 12-Jan-2012
 =======================================================
 
-  *  `Integrity Failure during Mutable Downloads`_
   *  `Potential unauthorized access by JavaScript in unrelated files`_
   *  `Potential disclosure of file through embedded hyperlinks or JavaScript in that file`_
   *  `Command-line arguments are leaked to other local users`_
@@ -27,46 +26,6 @@
 
 ----
 
-Integrity Failure during Mutable Downloads
---------------------------------------------------------------
-
-Under certain circumstances, the integrity-verification code of the mutable
-downloader could be bypassed. Clients who receive carefully crafted shares
-(from attackers) will emit incorrect file contents, and the usual
-share-corruption errors would not be raised. This only affects mutable files
-(not immutable), and only affects downloads that use doctored shares. It is
-not persistent: the threat is resolved once you upgrade your client to a
-version without the bug. However, read-modify-write operations (such as
-directory manipulations) performed by vulnerable clients could cause the
-attacker's modifications to be written back out to the mutable file, making
-the corruption permanent.
-
-The attacker's ability to manipulate the file contents is limited. They can
-modify FEC-encoded ciphertext in all but one share. This gives them the
-ability to blindly flip bits in roughly 2/3rds of the file (for the default
-k=3 encoding parameter). Confidentiality remains intact, unless the attacker
-can deduce the file's contents by observing your reactions to corrupted
-downloads.
-
-This bug was introduced in 1.9.0, as part of the MDMF-capable downloader, and
-affects both SDMF and MDMF files. It was not present in 1.8.3.
-
-*how to manage it*
-
-There are three options:
-
-* Upgrade to 1.9.1, which fixes the bug
-* Downgrade to 1.8.3, which does not contain the bug
-* If using 1.9.0, do not trust the contents of mutable files (whether SDMF or
-  MDMF) that the 1.9.0 client emits, and do not modify directories (which
-  could write the corrupted data back into place, making the damage
-  persistent)
-
-
-.. _#1654: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654
-
-----
-
 Potential unauthorized access by JavaScript in unrelated files
 --------------------------------------------------------------