Prevent a DOS-attack / OS-crash by flooding /tmp by including a confirmation-dialogue
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Woof | Confirmed | Medium | Tobias Baldauf | |
Bug Description
Right now, there is no limit as to the size of files an uploader can send to woof -U's webserver.
Therefore, it is possible to crash the Host's OS by sending a really large file (e.g. > 2GB) because it will be temporarily stored in /tmp, which will fill up the partition on which it is being written. Once the partition containing /tmp is full, the OS will become unresponsive.
The easiest solution - without restricting Woof's usability in sending whatever kind of file - is to enforce a confirmation-
There are 2 problems to this:
a) How do we determine the correct file-size of the file that the uploader wants to transmit? If we use client-side technology (JS), this may easily be manipulated.
b) How do we display a confirmation-
This problem needs research. Input on how to fix it is always welcome!
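One server-side way to approach problem (a), as an added example that is not Woof's own code: take the size from the request's Content-Length header, reject it against a cap and the free space on the temp partition before anything is written, and then read no more than the declared number of bytes. The function names, the cap, and the reserve value are assumptions made for this illustration.

```python
import shutil
import tempfile

MAX_UPLOAD = 512 * 1024 * 1024      # assumed per-upload cap, in bytes
RESERVE = 256 * 1024 * 1024         # assumed free space to keep on the temp partition


class UploadRejected(Exception):
    """Carries the HTTP status to return instead of accepting the body."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def check_declared_size(content_length, tmp_dir=None, max_upload=MAX_UPLOAD,
                        reserve=RESERVE, free_bytes=None):
    """Validate the Content-Length header before a single byte is stored.

    The header counts the whole request body (multipart framing included),
    so it is an upper bound on the file size. free_bytes is injectable for tests.
    """
    if content_length is None:
        raise UploadRejected(411, "Content-Length required")
    try:
        size = int(content_length)
    except ValueError:
        raise UploadRejected(400, "malformed Content-Length")
    if size < 0:
        raise UploadRejected(400, "negative Content-Length")
    if size > max_upload:
        raise UploadRejected(413, "upload exceeds configured cap")
    if free_bytes is None:
        free_bytes = shutil.disk_usage(tmp_dir or tempfile.gettempdir()).free
    if size + reserve > free_bytes:
        raise UploadRejected(507, "not enough free space for this upload")
    return size


def copy_capped(src, dst, declared, chunk=64 * 1024):
    """Copy exactly `declared` bytes from src to dst and stop.

    A client that sends more than it declared is never read past the limit,
    so a false header cannot push more than max_upload bytes onto disk.
    """
    remaining = declared
    while remaining > 0:
        buf = src.read(min(chunk, remaining))
        if not buf:
            raise UploadRejected(400, "body shorter than Content-Length")
        dst.write(buf)
        remaining -= len(buf)
    return declared - remaining
```

In an HTTP handler, `src` would be the request's input stream and `dst` the temporary file; an `UploadRejected` maps directly to the response status.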
Changed in woofgui:
assignee: nobody → Tobias Baldauf (technopagan)