create: DoS in not authenticated mode? #6715
Comments
Not adding "security" label here, because it is a) documented and b) everybody not using an authenticated mode is obviously not much interested in security anyway.
It most likely refers to this comment.
@elho ah, yes, thanks for digging that. What I'm asking myself now is whether this is notable enough and if so, whether we maybe should add an explaining sentence there, so that people do not wonder. If not, we could also remove that note there.
„This mode has possible denial-of-service issues when running borg create on contents controlled by an attacker.“ We could add a warning like
What kind of person would want to read that? Someone who is interested in security, but who wants to use the least secure repo type nevertheless?
There's some pointer to a DoS added by this PR:
97089fe
But it is unclear about how such an attack (on `borg create`) could work. Thus, this comment mainly leaves people confused. Also, due to that, it is also not clear whether this still applies.