Page MenuHomePhabricator

[lib] Tighten utils type to contain only thick threads
ClosedPublic

Authored by tomek on Thu, Oct 31, 7:59 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 28, 5:00 AM
Unknown Object (File)
Tue, Nov 26, 4:12 PM
Unknown Object (File)
Tue, Nov 26, 12:37 PM
Unknown Object (File)
Tue, Nov 26, 7:31 AM
Unknown Object (File)
Mon, Nov 25, 10:41 AM
Unknown Object (File)
Sat, Nov 23, 4:33 AM
Unknown Object (File)
Thu, Nov 14, 9:19 PM
Unknown Object (File)
Sun, Nov 10, 10:53 AM
Subscribers

Details

Summary

It is inconvenient to have the assertions in a lot of places - the issue would become a lot worse after the rest of the stack.

This diff introduces a new risk - an attacker can create a new thread with the same ID as an existing thin thread. Not sure how useful this attack could be. Protecting against it is handled in https://linear.app/comm/issue/ENG-9468/introduce-additional-validation-of-operations.

https://linear.app/comm/issue/ENG-9823/fix-sending-notifs-about-leaving-a-thick-thread

Depends on D13698

Test Plan

Flow

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

tomek requested review of this revision.Thu, Oct 31, 8:17 AM

This diff introduces a new risk - an attacker can create a new thread with the same ID as an existing thin thread. Not sure how useful this attack could be. Protecting against it is handled in https://linear.app/comm/issue/ENG-9468/introduce-additional-validation-of-operations.

I'm a bit skeptical about introducing this regression. The task you linked is unlikely to be prioritized anytime soon.

This diff introduces a new risk - an attacker can create a new thread with the same ID as an existing thin thread. Not sure how useful this attack could be. Protecting against it is handled in https://linear.app/comm/issue/ENG-9468/introduce-additional-validation-of-operations.

I'm a bit skeptical about introducing this regression. The task you linked is unlikely to be prioritized anytime soon.

Introducing protection against this is a really quick fix (30 min?) to implement, and I think we can create a subtask out of that task and prioritize it.

This revision is now accepted and ready to land.Tue, Nov 5, 1:44 AM