Woof

Prevent a DOS-attack / OS-crash by flooding /tmp by including a confirmation-dialogue

Bug #673993 reported by Tobias Baldauf on 2010-11-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Woof	Confirmed	Medium	Tobias Baldauf	Woof wolowizard

Bug Description

Right now, there is no limit as to the size of files an uploader can sent to woof -U's webserver.

Therefore, it is possible to crash the Host's OS by sending a really large file (e.g. > 2GB) because it will be temporarily stored in /tmp, which will fill up the partition on which it is being written. Once the partition containing /tmp is full, the OS will become unresponsive.

The easiest solution - without restricting Woof's usability in sending whatever kind of file - is to enforce a confirmation-dialogue on the Host-machine when certain boundaries are crossed: Say, if an uploader wants to send more than X megabytes of data, this needs to be manually confirmed by the host.

There a 2 problems to this:
a) How do we determine the correct file-size of the file that the uploader wants to transmit? If we use client-side technology (JS), this may easily be manipulated.
b) How do we display a confirmation-dialogue if one of Woof's main goals is to keep out of the way & not to rely on GTK-windows as a GUI?

This problem needs research. Input on how to fix it is always welcome!

Related branches

lp:woofgui

Tobias Baldauf (technopagan) on 2010-11-11

Changed in woofgui:
assignee:	nobody → Tobias Baldauf (technopagan)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.