Security: Using --share produces URLs which are way too easy to guess
leszekhanusz opened this issue
Describe the bug
The URLs currently produced when using the share option are in the form https://12345.gradio.app
The numbers at the start are way too easy to guess. A malicious actor can easily try every combination of numbers to find a specific application, which could allow remote code execution depending on the application.
Possible solution: instead of using only 5 numbers with low entropy (10^5 = 100000), use something like 15 characters in the range [0-9][a-z][A-Z] (base 62) with (26+26+10)^15 = 7.689097049×10²⁶ possibilities, which will generate URLs looking like this: https://vteiTSJw4V0GOL5.gradio.app
Note: not reporting this issue as a security issue as this is already a public issue
Is there an existing issue for this?
- I have searched the existing issues
Reproduction
N/A
Screenshot
No response
Logs
N/A
System Info
N/A
Severity
serious, but I can work around it
Thanks for reporting the issue @leszekhanusz, agreed about the seriousness of the issue, let us see if we can quickly fix it.
Hi @leszekhanusz, we just pushed a change to how our links are generated, so this issue should now be fixed across all versions of Gradio. I would appreciate it if you could try it out and let us know if it works for you.
Thanks for the quick reaction! I don't have access to my pc today, could someone else confirm it's fixed?
Great! I’ll go ahead and close the issue then
@abidlabs One of my URLs was just recycled within a couple of hours of shutting down the app. Given the large number of bits in the subdomain, it seems these new URLs aren't random, but maybe something like a hash of the original ID. In any case, it looks like it's possible to spin up demos and collect URLs to guess in the future.
Thanks for the heads up @float-trip. Share URLs can still be recycled in theory, but this PR: #2509 should completely fix that. We're aiming to release next week!
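An added example, not Gradio's code and not the fix that was deployed: a sketch of share-label issuance that addresses both points raised in this thread, the guessable 5-digit space and the recycling of labels after shutdown. The `ShareLabelRegistry` class, its method names and the 128-bit default are assumptions made for illustration. The alphabet is lowercase plus digits because DNS names are case-insensitive, so mixed case in a subdomain adds no entropy.

```python
import math
import secrets
import string

# DNS hostnames are case-insensitive, so only 36 symbols carry entropy.
ALPHABET = string.digits + string.ascii_lowercase

def entropy_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random label."""
    return length * math.log2(alphabet_size)

def label_length_for(bits, alphabet_size=len(ALPHABET)):
    """Shortest label length that reaches the requested entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

def expected_guesses(alphabet_size, length, live_apps=1):
    """Mean guesses (no repeats) before hitting any of live_apps labels."""
    return (alphabet_size ** length + 1) / (live_apps + 1)

class ShareLabelRegistry:
    """Hypothetical registry: labels come from the OS CSPRNG, are unrelated
    to the app id, and a released label is never issued again."""

    def __init__(self, bits=128):
        self.length = label_length_for(bits)
        self.active = {}      # label -> app id
        self.retired = set()  # labels that must not be recycled

    def issue(self, app_id):
        while True:
            label = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
            if label not in self.active and label not in self.retired:
                self.active[label] = app_id
                return label

    def release(self, label):
        if self.active.pop(label, None) is not None:
            self.retired.add(label)

    def resolve(self, label):
        # Normalise case the way a resolver or browser would.
        return self.active.get(label.lower())

if __name__ == "__main__":
    print(f"5 digits: {entropy_bits(10, 5):.1f} bits, "
          f"~{expected_guesses(10, 5):.0f} guesses for one app")
    print(f"15 chars, case-insensitive: {entropy_bits(36, 15):.1f} bits")
    reg = ShareLabelRegistry()
    print("issued:", reg.issue("demo-app"))
```

With many apps live at once, `expected_guesses` shows why the 5-digit space fails even faster than the single-target figure suggests: every live label is a valid hit.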