Hi All,

We recently added a new feature to the Firefox Sync service to support
atomic uploads of large batches of items [1]. Unfortunately we have
identified a critical issue in the implementation of this API: under
high load, if two users initiate a batch upload at the exact same
time, the encrypted records being uploaded by both users may get
merged under a single user’s account, leading to data corruption for
that user and data loss for the other.

If you are running your own instance of the sync storage server [2]
built on or after November 23rd 2016, then it will have the batch
upload API enabled by default.  Please disable this feature by adding
the following to your .ini configuration file and restarting the
server:


    [storage]
    batch_upload_enabled = false


While I encourage all self-hosters to disable the feature as a
precaution, it's important to note that this issue is unlikely to
affect you in practice unless your server is under significant load,
and it cannot occur on servers that only host a single user.  If users
on your server were affected then they might experience unexpected
sync failures, or might observe "HMAC verification" errors in their
sync logs when Firefox fails to decrypt the affected records.

If you believe your users might have experienced data loss or
corruption due to this issue then I recommend doing a "node reset" for
all users on the server, which will force connected devices to upload
a fresh copy of their Firefox data. This can be achieved by running
the following SQL command on your sync server database:


    DELETE FROM users;


(Don't worry, the "users" table in sync just stores a mapping from
user ids to storage nodes, so this command won't delete any actual
user accounts!)


 Thanks,

     Ryan


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1250189
[2] https://github.com/mozilla-services/syncserver/
_______________________________________________
Sync-dev mailing list
https://mail.mozilla.org/listinfo/sync-dev
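
Added example (not part of the original announcement and not code from the syncserver project): a small Python check that reports whether a given .ini file carries the batch_upload_enabled = false setting described above. It assumes Python's configparser boolean parsing matches the server's own, and treats a missing key as enabled, following the default stated for builds on or after November 23rd 2016; the function name and the sample configs are constructed for illustration.

```python
import configparser
import sys

# Constructed sample configs for illustration, not from a real deployment.
SAMPLE_MITIGATED = """\
[server:main]
use = egg:gunicorn

[storage]
batch_upload_enabled = false
"""
SAMPLE_DEFAULT = """\
[storage]
sqluri = sqlite:////tmp/syncserver.db
"""
SAMPLE_ENABLED = """\
[storage]
batch_upload_enabled = true
"""
# The key is present but under the wrong section, so it has no effect
# on the [storage] setting the announcement refers to.
SAMPLE_WRONG_SECTION = """\
[syncserver]
batch_upload_enabled = false
"""


def batch_upload_status(ini_text):
    """Return 'disabled', 'enabled', 'default-enabled' or 'unparseable'."""
    # interpolation=None so '%' characters in other values do not raise.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(ini_text)
    except configparser.Error:
        return "unparseable"
    # No [storage] section, or no key in it: the server default applies.
    if not parser.has_option("storage", "batch_upload_enabled"):
        return "default-enabled"
    try:
        enabled = parser.getboolean("storage", "batch_upload_enabled")
    except ValueError:
        return "unparseable"  # value is not a recognisable boolean
    return "enabled" if enabled else "disabled"


if __name__ == "__main__":
    # Usage: python check_batch.py /path/to/syncserver.ini
    with open(sys.argv[1], encoding="utf-8") as fh:
        status = batch_upload_status(fh.read())
    print(status)
    sys.exit(0 if status == "disabled" else 1)
```

Only a result of "disabled" means the mitigation is in the file; the server still has to be restarted for it to take effect.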