MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: information disclosure bug in preconditions GET (#19810)

Browse Source 
precondition check was being honored before, validating
if anonymous access is allowed on the metadata of an
object, leading to metadata disclosure of the following
headers.

```
Last-Modified
Etag
x-amz-version-id
Expires:
Cache-Control:
```

although the information presented is minimal in nature,
and of opaque nature. It still simply discloses that an
object by a specific name exists or not without even having
enough permissions.
This commit is contained in:
Harshavardhana
2024-05-27 12:17:46 -07:00
committed by GitHub
parent 9d20dec56a
commit e0fe7cc391
19 changed files with 90 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
docs/bucket/replication/setup_3site_replication.sh
View File

@@ -43,8 +43,6 @@ unset MINIO_KMS_KES_KEY_FILE
unset MINIO_KMS_KES_ENDPOINT
unset MINIO_KMS_KES_KEY_NAME
go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest
wget -q -O mc https://dl.minio.io/client/mc/release/linux-amd64/mc &&
chmod +x mc
@@ -202,19 +200,19 @@ head -c 221227088 </dev/urandom >200M
sleep 10
echo "Verifying ETag for all objects"
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9001/ -bucket bucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9002/ -bucket bucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9003/ -bucket bucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9004/ -bucket bucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9005/ -bucket bucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket bucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9001/ -bucket bucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9002/ -bucket bucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9003/ -bucket bucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9004/ -bucket bucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9005/ -bucket bucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket bucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9001/ -bucket olockbucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9002/ -bucket olockbucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9003/ -bucket olockbucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9004/ -bucket olockbucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9005/ -bucket olockbucket
s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket olockbucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9001/ -bucket olockbucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9002/ -bucket olockbucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9003/ -bucket olockbucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9004/ -bucket olockbucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9005/ -bucket olockbucket
./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket olockbucket
# additional tests for encryption object alignment
go install -v github.com/minio/multipart-debug@latest

3
docs/debugging/build.sh
View File

@@ -2,5 +2,6 @@
export CGO_ENABLED=0
for dir in docs/debugging/*/; do
go build -C ${dir} -v
bin=$(basename ${dir})
go build -C ${dir} -o ${PWD}/${bin}
done

2
docs/debugging/inspect/go.mod
View File

@@ -1,6 +1,6 @@
module github.com/minio/minio/docs/debugging/inspect
go 1.19
go 1.21
require (
github.com/klauspost/compress v1.17.4

2
docs/debugging/pprofgoparser/go.mod
View File

@@ -1,3 +1,3 @@
module github.com/minio/minio/docs/debugging/pprofgoparser
go 1.19
go 1.21

4
docs/debugging/reorder-disks/go.mod
View File

@@ -1,5 +1,5 @@
module github.com/minio/minio/docs/debugging/reorder-disks
go 1.19
go 1.21
require github.com/minio/pkg/v2 v2.0.6
require github.com/minio/pkg/v3 v3.0.1

4
docs/debugging/reorder-disks/go.sum
View File

@@ -1,2 +1,2 @@
github.com/minio/pkg/v2 v2.0.6 h1:n+PpbSMaJK1FfQkP55l1y0wj5Hi9R5w2DtGhxiGdP9I=
github.com/minio/pkg/v2 v2.0.6/go.mod h1:Z9Z/LzhTIxZ6zhPeW658vmLRilRek3zBOqNB9j+lxSY=
github.com/minio/pkg/v3 v3.0.1 h1:qts6g9rYjAdeomRdwjnMc1IaQ6KbaJs3dwqBntXziaw=
github.com/minio/pkg/v3 v3.0.1/go.mod h1:53gkSUVHcfYoskOs5YAJ3D99nsd2SKru90rdE9whlXU=

2
docs/debugging/xattr/go.mod
View File

@@ -1,6 +1,6 @@
module github.com/minio/minio/docs/debugging/xattr
go 1.19
go 1.21
require (
github.com/olekukonko/tablewriter v0.0.5

4
docs/distributed/decom-compressed-sse-s3.sh
View File

@@ -148,8 +148,6 @@ if [ $ret -ne 0 ]; then
exit 1
fi
go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest
s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
kill $pid

6
docs/distributed/decom-encrypted-kes.sh
View File

@@ -238,10 +238,8 @@ if [ $ret -ne 0 ]; then
exit 1
fi
go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest
s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned-1
./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned-1
kill $pid
kill $kes_pid

4
docs/distributed/decom-encrypted-sse-s3.sh
View File

@@ -158,8 +158,6 @@ if [ $ret -ne 0 ]; then
exit 1
fi
go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest
s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
kill $pid

4
docs/distributed/decom-encrypted.sh
View File

@@ -144,8 +144,6 @@ if [ "${expected_checksum}" != "${got_checksum}" ]; then
exit 1
fi
go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest
s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
kill $pid

2
docs/distributed/decom.sh
View File

@@ -212,8 +212,6 @@ if [ "${expected_checksum}" != "${got_checksum}" ]; then
exit 1
fi
go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest
s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket bucket2
s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned