
[bug] Vault name can create dropbox directories

elliotcm (Community Member)

I suppose it's possible this is a deliberate feature, but creating a Dropbox-backed vault with a forward slash in its name creates directories. This is confusing as it is, but could also be a vector for DoS if it were possible to use it to overwrite other important files or directories, particularly given the sensitivity and importance of documents commonly stored in Dropbox.

For example, when I created the vault "Smart/Casual" this was not the behaviour I expected:


1Password Version: 1Password 5 Version 5.3.2 (532001) Agile Web Store
Extension Version: Not Provided
OS Version: 10.10.3 (14D136)
Sync Type: Dropbox

Comments

  • elliotcm (Community Member)

    Further to this, I've just created a test vault called "../Test", which created "Test.agilekeychain" in the root of my Dropbox, not in the 1Password folder. This can be used indefinitely to write to any directory on the system. This is probably not a critical issue, since the file will always end in ".agilekeychain" and creating the vault will fail rather than overwrite existing files.

  • littlebobbytables (1Password Alumni)

    Hi @elliotcm,

    You're correct in that we definitely have a bug, but you knew that was the case :wink: It seems we're not sanitising the name for sync purposes, and we will have to resolve that. While it's a silly bug to have, I suspect its potential for damage is limited to the user screwing themselves over. Standard file permissions won't allow you to write to an area you don't have access to, and even if we're talking about a shared folder in Dropbox, the files are either in the shared folder and so shared, or the path results in them being created elsewhere and so they aren't shared. I don't believe this will allow anything to break out of where it should be stored, as we're never creating it in the right place to start with.

    A big thanks for reporting this though as this is something we don't want to be doing. Nice catch! :smile:

    ref: OPM-3212

This discussion has been closed.