Upload Stash API allows some kinds of resource exhaustion
Closed, Resolved (Public)

Description

Author: neilk

Description:
It is possible to mount an attack on the server by using UploadStash to:

  • upload zillions of small files (# of files per directory)
  • upload many very large files (disk usage)

Expiry can't happen in less than a few hours since it may actually take that amount of time to upload some large videos.

Not easy to do this just by examining the file system, since temp files are hashed up in directories, and aren't associated with a user or IP.

Simple solution:

  • simple crontabs on the server to clean up temp files with a reasonable time frame like anything older than 3 days
  • guard methods on the UploadStash object to cycle out a user's old objects when they have more than 100 abandoned temp files, or more than 100 total MB

Version: unspecified
Severity: normal

Details

Reference
bz26063

Event Timeline

bzimport raised the priority of this task from to Low. Nov 21 2014, 11:16 PM
bzimport added a project: UploadWizard.
bzimport set Reference to bz26063.
bzimport added a subscriber: Unknown Object (MLST).

neilk wrote:

Asked Roan for comments -- Roan notes that a global limit would be a better guard against DOS. The worst case scenario is then files would be cycled out too quickly.

neilk wrote:

Decided this is not a blocker for UploadWizard, but it is a general API bug.

Some sort of garbage collection could handle this in MW or a cron script.

Weekly cron has been running for months now.
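
The age cutoff and per-user guard proposed in the description, sketched as an added example; it is not part of the original task and not MediaWiki's UploadStash code. The `StashEntry` record and `select_evictions` function are hypothetical, and the example assumes the stash keeps an index recording each temp file's owner, since the report notes the files on disk are not associated with a user.

```python
from dataclasses import dataclass

MAX_FILES = 100                  # per-user file cap proposed in the report
MAX_BYTES = 100 * 1024 * 1024    # per-user size cap proposed in the report
MAX_AGE = 3 * 24 * 3600          # cleanup cutoff proposed in the report (3 days)

@dataclass(frozen=True)
class StashEntry:                # hypothetical index row, not MediaWiki's schema
    user: str
    key: str
    size: int                    # bytes
    stored_at: float             # unix timestamp of the upload

def select_evictions(entries, now, max_files=MAX_FILES,
                     max_bytes=MAX_BYTES, max_age=MAX_AGE):
    """Return the keys to delete: every expired entry, then each user's
    oldest entries until that user is within both the count and byte caps."""
    evict, per_user = [], {}
    for e in entries:
        if now - e.stored_at > max_age:
            evict.append(e.key)                 # what the cron job would remove
        else:
            per_user.setdefault(e.user, []).append(e)
    for items in per_user.values():
        items.sort(key=lambda e: e.stored_at)   # oldest first
        count = len(items)
        total = sum(e.size for e in items)
        for e in items:
            if count <= max_files and total <= max_bytes:
                break                           # user is back under both caps
            evict.append(e.key)                 # cycle out the oldest object
            count -= 1
            total -= e.size
    return evict

if __name__ == "__main__":
    now = 1_000_000.0                           # constructed sample data
    sample = [StashEntry("alice", f"a-{i}", 1, now - i) for i in range(102)]
    sample.append(StashEntry("bob", "b-old", 60 * 1024 * 1024, now - 10))
    sample.append(StashEntry("bob", "b-new", 60 * 1024 * 1024, now - 5))
    print(select_evictions(sample, now))        # two of alice's, one of bob's
```

This covers only the per-user guard and the age cutoff; the global limit Roan suggests would need a further pass over all entries regardless of owner.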