ECS: Setting SWIFT read ACL to ".r:*" allows unwanted dir listing


Article Number: 535575    Article Version: 4    Article Type: Break Fix




ECS Appliance Software without Encryption





The customer's intention is to allow anonymous access to objects when the full path is known. But setting the Swift Read ACL to ".r:*" also allows unwanted directory listing.
We would like to use a Swift ACL-Read Policy to allow anonymous access to objects as described here:
python-swiftclient is used as the client in this case.
Setting the policy:

    swift post --read-acl ".r:*" private-swift

Checking the policy:

    swift stat private-swift
                   Account: ops-thomas
                 Container: private-swift
                   Objects: 0
                     Bytes: 0
                  Read ACL: .r:*
                 Write ACL:
                   Sync To:
                  Sync Key:
    X-Emc-Retention-Period: 0
    X-Emc-Is-Tso-Read-Only: false
             Accept-Ranges: bytes
                X-Trans-Id: tx0a10c20b1685c1199fc75-39ae00000000
               X-Timestamp: 1554368486418
          X-Emc-Request-Id: 0a10c20b:1685c1199fc:7539a:e
    X-Emc-Is-Stale-Allowed: false
              Content-Type: text/html
If the full path of an object is now provided to an anonymous user (a request without a token), all the files within the folder can be listed. This is not expected.
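
A check for the behaviour described above, as an added example that is not part of the original article and not Dell EMC code. It assumes the OpenStack Swift convention that ".r:*" grants object reads only and that container listing additionally requires ".rlistings"; the function names and the sample status codes are constructed.

```python
import urllib.error
import urllib.request

REFERRER_PREFIXES = (".r", ".ref", ".referer", ".referrer")

def parse_read_acl(read_acl):
    """Return (public_read, public_listing) for a Swift container read ACL.

    Assumption: OpenStack Swift rules, where ".r:*" only grants object
    reads and listing the container also needs ".rlistings".
    """
    elements = [e.strip() for e in read_acl.split(",") if e.strip()]
    public_read = False
    for element in elements:
        prefix, sep, value = element.partition(":")
        if sep and prefix in REFERRER_PREFIXES and value.strip() == "*":
            public_read = True
    public_listing = public_read and ".rlistings" in elements
    return public_read, public_listing

def anon_status(url):
    """HTTP status of a GET sent without an X-Auth-Token header."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def assess(read_acl, container_status, object_status):
    """Compare what the ACL should allow with what anonymous GETs returned."""
    public_read, public_listing = parse_read_acl(read_acl)
    listed = 200 <= container_status < 300   # 204 is an empty listing
    fetched = 200 <= object_status < 300
    if listed and not public_listing:
        return "listing-exposed"             # the behaviour in this article
    if public_read and not fetched:
        return "object-read-blocked"
    return "ok"

if __name__ == "__main__":
    # Constructed status codes; on a real system obtain them with
    # anon_status(<container URL>) and anon_status(<object URL>).
    print(assess(".r:*", 200, 200))   # listing-exposed
    print(assess(".r:*", 401, 200))   # ok
```

Running the same check again after the patch is applied should return "ok" for a container whose Read ACL is ".r:*".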






A bug in the ECS software has been discovered.






If you see this issue, a customer-specific patch is required on top of the latest ECS release (right now it is 3.3HF1).
Please open a Service Request with Dell EMC Support and mention this KB when requesting a custom patch, if needed.
A future version of ECS will contain a final fix.