Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Reinstate full protection against slow retrieval attacks

See original GitHub issue

Description of issue or feature request:

#781 updated tuf’s downloader module to use requests instead of custom networking code, to fix issues with HTTPS proxies.

This change, however, deprived TUF of a way to prevent a certain kind of slow retrieval attack, where the attacker sends bytes below a minimum average speed.

This attack can not be prevented with the timeout parameters provided by requests, which are:

connect timeout (max # of seconds to establish connection with server)
read timeout (max # of seconds between bytes sent from the server)

Current behavior: Cannot reliably enforce minimal average download speed and thus is vulnerable to slow retrieval attacks.

Expected behavior: Reinstate full protection against slow retrieval attacks

Possible ways of fixing are

report issue to requests and ask them to fix it, or
switch to equally well-established and feature-rich requests-alternative that supports non-blocking I/O

Note: The comments in #781 have more ways of addressing this issue and also discuss whey they are not viable. Consider reading up on the discussion when working on this issue.

Issue Analytics

State:
Created 4 years ago
Comments:15 (11 by maintainers)

Top GitHub Comments

3reactions

SantiagoTorrescommented, Jun 8, 2020

Btw., (and this is more a note to the co-maintainer) I saw that none of the mentioned libraries work on Python 2.7. @SantiagoTorres, @trishankatdatadog, @JustinCappos how long do we still want to support a Python 2.7 client?

I think this is an artifact of async not existing on py2 (iirc). My ideal roadmap was to:

Provide library X as an optdepend
if exists, you get slow retrieval protection
if it doesn’t, then you get whatever is in place right now

I find this appealing because we can also allow people to fall back to the default implementation if they find things to be finnicky. Needless to say, this way we can also leave py2 out of the question.

2reactions

Urhengulascommented, Mar 29, 2020

Hey @lukpueh, I would also love to work on it as part of GSOC2020. Currently finishing my proposal and going to send a post in Slack.

Top Results From Across the Web

Azure backup and restore plan to protect against ransomware

Protect backups against deliberate erasure and encryption: Store backups in offline or off-site storage and/or immutable storage. Require out of ...

Ransomware Recovery and Backup - Pure Storage

Pure helps mitigate ransomware attacks by securing critical data from being altered or destroyed, enabling you to recover quickly from an attack. Secure...

Rev Up Database Recovery at 35 TB/Hour+ with Zero Data ...

A storage replication product offering 'real-time protection' but with slow restore performance does not solve the downtime problem. A copy data ...

How to Prevent DDoS Attacks: 7 Tried-and-Tested Methods

Learn how to prevent DDoS attacks, a simple yet effective tactic hackers use to flood a system with traffic and sabotage its resources....

Disaster recovery options in the cloud - AWS Documentation

Backup and restore is a suitable approach for mitigating against data loss or corruption. This approach can also be used to mitigate against...