Comment 4 for bug 1196932
Revision history for this message
| Samuel Merritt (torgomatic) wrote Re: Possibly DoS attack using object tombstones | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
demo site
(Get the code!)
I'm going to try to paraphrase what goes on here in order to help me understand what's going on. Please correct me if I'm wrong.
Step 1: PUT object, X-Timestamp: t # works
Step 2: DELETE object, X-Timestamp: t+1 # deletes object, creates tombstone w/timestamp at t+1
Step 3: DELETE object, X-Timestamp: t-1 # creates tombstone w/timestamp at t-1
The bug is that Swift will create a tombstone with timestamp t-1 even though there's already a tombstone with a newer time, and so by spamming DELETE requests with timestamps (t-1, t-2, t-3, ...), a user can cause the creation of tons of 0-byte files.
Is that a reasonable restatement of this bug, or am I way off base here?