Skip to content

[R-4][Medium] Per-object/owner ACLs for object & LFS confidentiality #4

Description

@v-code01

From the review (https://github.com/v-code01/ledge/blob/main/AUDIT.md §F-3, R-4). Cross-tenant object/LFS confidentiality rests on ObjectId-unguessability + ref-reachability, not per-object ACLs; an out-of-band oid leak permits a cross-tenant read of that object. Refs/workspaces ARE isolated. Closes it: per-object/owner ACLs on the object/LFS read paths. Severity: Medium.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions