Fix #52818
closedMake RGW transaction IDs less deterministic
0%
Description
S3 API responses expose RGW transaction IDs in the `x-amz-request-id` header. The current format of these IDs is: 'tx{counter}-{timestamp}-{rgw-daemon-id}', where the variable components are:
counter: per-daemon incremental counter that resets on each process restart, encoded as a 21 digit hex value
timestamp: unix timestamp encoded as a hex value
rgw-daemon-id: concatenation of RGW daemon instance ID and zone name
This format poses a few concerns for the service provider use case.
1) The counter/timestamp values leak information about the backend servers (number of requests processed, request processing rates over time, time-frames of when daemons likely restarted).
2) A client that knows one transaction ID could conceivably guess other valid transaction IDs (potentially belonging to other clients) by brute-force checking the validity of subsequent counter values in combination with likely timestamps. For service providers that wish to expose transaction log search functionality to clients (indexed by transaction IDs), extra care would be needed in order to ensure isolation of tenant data.
The proposed solution is to change the counter to a randomly generated value instead of an incremental one.
Updated by Casey Bodley over 2 years ago
- Status changed from New to Fix Under Review
- Pull request ID set to 43428
Updated by Casey Bodley over 2 years ago
- Status changed from Fix Under Review to Pending Backport
- Backport set to pacific octopus
Updated by Backport Bot over 2 years ago
- Copied to Backport #52959: octopus: Make RGW transaction IDs less deterministic added
Updated by Backport Bot over 2 years ago
- Copied to Backport #52960: pacific: Make RGW transaction IDs less deterministic added
Updated by Loïc Dachary over 2 years ago
- Status changed from Pending Backport to Resolved
While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".