MYPROXY-2008-0003

A user from a remote host that is able to store a credential in the myproxy-server can cause reduced availability of the myproxy-server.

remote user with a MyProxy authorization

This vulnerability requires a user to be able to connect, authenticate, and be able to store a credential to the myproxy-server.

medium

To exploit this vulnerability requires the use of the standard client interface.

low

This vulnerability can result in reduced availability of the myproxy-server.

MyProxy stores all of its credentials and metadata about the credentials in a single flat directory structure. On some platforms certain file systems store the directory entries as a linear list so adding, looking up and removing directory entries in a directory with n entries take time O(n).

If a malicious user continual repeatedly adds credentials this operation will be quadratic in time.

Even if the file system does not exhibit the O(n) behavior there are certain operations that scan the entire directory using opendir and readdir to find filenames matching a pattern.

denial of service

This vulnerability is caused by using a flat directory for the credential store which exhibits O(n) behavior where ideally you would like O(1) behavior.

Use a multilevel directory scheme to limit number of entries in a particular directory and to limit the search space for directory scans. An alternative would be to use a database technology such as dbm or sqlite.

The MyProxy project has no plans to address this scalability issue at this time. The myproxy-server scales well to over 100,000 credentials in the repository, which is currently adequate for the needs of the user community. Information about MyProxy scalability is provided at <http://grid.ncsa.uiuc.edu/myproxy/scalability.html>.

This research funded in part by NATO grant CLG 983049, the National Science Foundation under contract with San Diego Supercomputing Center, and National Science Foundation grants CNS-0627501 and CNS-0716460.