Clarify guidance around storage quota #106

Closed

Conversation

pwnall
Contributor

@pwnall pwnall commented Jun 15, 2020

Storage quota should not be based on free disk space, to avoid cross-origin resource size leaks.

(See WHATWG Working Mode: Changes for more details.)

@annevk
Member

annevk commented Jun 15, 2020

In a way this duplicates the prior sentence, right?

It's also not clear this is sufficient to fully address #70. See https://bugzilla.mozilla.org/show_bug.cgi?id=1552848#c7.

@pwnall
Contributor Author

pwnall commented Jun 15, 2020

> In a way this duplicates the prior sentence, right?

In my understanding, the first sentence is a positive recommendation (yes, use total disk space as an upper limit for quota) and the second sentence is a negative recommendation (no, do not use free disk space as a quota cap).

Please feel free to use different words if my proposal isn't clear / doesn't accomplish its goal.

> It's also not clear this is sufficient to fully address #70. See https://bugzilla.mozilla.org/show_bug.cgi?id=1552848#c7.

Agreed. A full solution will probably have to be very prescriptive to demonstrably avoid both cross-origin resource size leaks and fingerprinting. I submitted this PR as a step forward.

According to my understanding, the spec currently recommends using free disk space as a quota cap. This is dangerous because it enables HEIST-like attacks. The text I proposed switches the recommendation to total disk space. This closes off the attacks mentioned above, at the cost of leaking some information about disk capacity. I think the latter is a lesser evil, so this is better guidance than what's currently in the spec. I don't think this PR would fully fix #70 and I didn't claim it would 😄
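The leak the comment above describes, as an added simulation that is not part of this PR, the Storage spec, or any browser's code: a toy shared disk with two quota policies, one capping an origin's quota at free disk space and one capping it at a fixed fraction of total disk space. The attacker origin measures its own quota (a stand-in for navigator.storage.estimate()) and, separately, the largest write it can make using only write success/failure as the oracle, before and after a second origin stores a resource of secret size. The `Disk` class, the policy functions, the one-tenth ratio, the origins, and all byte sizes are assumptions made for the illustration.

```javascript
const MiB = 1024 * 1024;

// Constructed sizes for the simulation (assumptions, not browser measurements).
const DISK_TOTAL = 64 * MiB;
const ATTACKER_PADDING = 1 * MiB;
const VICTIM_SIZE = 3 * MiB + 517; // the cross-origin secret: bytes the victim origin stores

const ATTACKER = 'https://attacker.example'; // hypothetical origins
const VICTIM = 'https://victim.example';

// One device disk shared by every origin's storage shelf (assumed model).
class Disk {
  constructor(totalBytes) {
    this.totalBytes = totalBytes;
    this.usage = new Map(); // origin -> bytes stored
  }
  usageOf(origin) { return this.usage.get(origin) || 0; }
  used() { let s = 0; for (const n of this.usage.values()) s += n; return s; }
  free() { return this.totalBytes - this.used(); }
  // Would a write of `bytes` by `origin` fit under the policy's quota?
  canStore(origin, bytes, quotaPolicy) {
    return this.usageOf(origin) + bytes <= quotaPolicy(this, origin);
  }
  // Commit the write, or fail the way a browser would with QuotaExceededError.
  store(origin, bytes, quotaPolicy) {
    if (!this.canStore(origin, bytes, quotaPolicy)) return false;
    this.usage.set(origin, this.usageOf(origin) + bytes);
    return true;
  }
}

// Policy A, the guidance the thread says the spec carried: an origin may grow
// until the disk is full, so its quota tracks free disk space.
const quotaFromFreeSpace = (disk, origin) => disk.usageOf(origin) + disk.free();

// Policy B, the PR's direction: cap quota by total disk capacity (a fixed tenth
// of it here, an assumed ratio), independent of what other origins have stored.
const quotaFromTotalSpace = (disk) => Math.floor(disk.totalBytes / 10);

// Stand-in for navigator.storage.estimate().quota as seen on the attacker's origin.
function observeQuota(disk, origin, policy) { return policy(disk, origin); }

// Largest single write the attacker can make, found by binary search that uses
// only success/failure of its own writes: the QuotaExceeded oracle.
function largestWritableChunk(disk, origin, policy) {
  let lo = 0, hi = disk.totalBytes;
  while (lo < hi) {
    const mid = Math.floor((lo + hi + 1) / 2);
    if (disk.canStore(origin, mid, policy)) lo = mid; else hi = mid - 1;
  }
  return lo;
}

// Scenario: attacker measures, the victim origin stores a resource of secret
// size (e.g. a cross-origin response landing in its Cache), attacker measures again.
function runScenario(policy, measure) {
  const disk = new Disk(DISK_TOTAL);
  if (!disk.store(ATTACKER, ATTACKER_PADDING, policy)) throw new Error('setup failed');
  const before = measure(disk, ATTACKER, policy);
  if (!disk.store(VICTIM, VICTIM_SIZE, policy)) throw new Error('setup failed');
  const after = measure(disk, ATTACKER, policy);
  return before - after; // bytes of the victim's write revealed to the attacker
}

// Leak through the estimate() value itself.
function leakViaEstimate(policy) { return runScenario(policy, observeQuota); }
// Leak through write success/failure alone (works even if estimate() were withheld).
function leakViaWriteOracle(policy) { return runScenario(policy, largestWritableChunk); }

// What policy B still exposes: a value derived from device capacity (fingerprinting surface).
function capacityLeak() { return observeQuota(new Disk(DISK_TOTAL), ATTACKER, quotaFromTotalSpace); }

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, policy] of [['free-space quota', quotaFromFreeSpace], ['total-space quota', quotaFromTotalSpace]]) {
    console.log(`${name}: estimate() leaks ${leakViaEstimate(policy)} bytes, write oracle leaks ${leakViaWriteOracle(policy)} bytes`);
  }
  console.log(`total-space quota reveals a capacity-derived value of ${capacityLeak()} bytes`);
}
```

Under the free-space policy both measurements recover the victim's write size exactly, with or without estimate(), which is why removing or fuzzing estimate() alone would not close the channel; under the total-space policy the attacker's readings do not move when another origin writes, and what remains observable is a number derived from device capacity, the fingerprinting cost the comment above accepts as the lesser evil.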

annevk added a commit that referenced this pull request Jul 6, 2020
…e space

Also make it clear usage and quota for storage shelves are ultimately implementation-defined.

Helps with #95 and #70.

Closes #106.
@annevk
Member

annevk commented Jul 6, 2020

I put up #108 as an alternative. Let me know what you think.

@annevk annevk closed this in #108 Jul 8, 2020
annevk added a commit that referenced this pull request Jul 8, 2020
@pwnall pwnall deleted the patch-2 branch July 8, 2020 23:06