[cap-talk] Prevent CSRF attacks by making resources unforgeable, not by making them unshareable.

Toby Murray toby.murray at comlab.ox.ac.uk
Thu Jul 17 04:05:53 CDT 2008


I liked your explanation of CSRF attacks and Tahoe's approach to
avoiding them. I thought that perhaps the figures could have come
earlier in the document, when you first introduce the similarities
between CSRF and sharing, but this is not a big deal.

In an effort to find /something/ ;), I noticed that your numbering
scheme for "previous" hack tahoe winners is inconsistent. You use -2nd
and -1st on the csrf page but -1st and 0th on the announcement page.

Standard practice for these sorts of contests is to exclude
vulnerabilities that arise only through flaws in the third-party
components on which your system depends. For example, an attacker who
can subvert Tahoe only because of an implementation flaw in Python would
normally be excluded. Likewise for flaws in foolscap or other
third-party libraries on which Tahoe depends that haven't been developed
by the allmydata.org team. You guys might want to decide whether you
consider such attacks "in scope" and to amend your announcement to make
this explicit in order to clarify the rules of the game. Although
reading it now it looks like you're purposefully choosing to be pretty
liberal in the hope of encouraging lateral thinking -- I like this
approach.

Cheers,

Toby

On Wed, 2008-07-16 at 15:40 -0600, zooko wrote:
> Dear cap-talk and tahoe-dev folks:
> 
> The Hack Tahoe! contest is not quite live.  (I still need to put up
> more pictures, describe Drew Perttula's contribution, add example
> files and directories that you can attack, and perhaps also make it
> not be so ugly.)
> 
> But, I just went and wrote a long note trying to persuade the reader
> that the current well-known approaches to preventing CSRF attacks are
> inferior to the capabilities approach.  And now I solicit your review
> of that note to be sure that I haven't written anything wrong or
> confusing.
> 
> So please read this page, but please do not post it to your favorite
> news sites yet:
> 
> http://hacktahoe.org/csrf.html
> 
> Thank you!
> 
> Regards,
> 
> Zooko