Re: On undoing a forced push

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jeff King <peff@peff.net>
To: Sitaram Chamarty <sitaramc@gmail.com>
Cc: Duy Nguyen <pclouds@gmail.com>, git@vger.kernel.org
Subject: Re: On undoing a forced push
Date: Tue, 9 Jun 2015 10:25:51 -0400	[thread overview]
Message-ID: <20150609142550.GB7894@peff.net> (raw)
In-Reply-To: <5576F2DC.7040603@gmail.com>

On Tue, Jun 09, 2015 at 07:36:20PM +0530, Sitaram Chamarty wrote:

> > This patch prints the latest SHA-1 before the forced push in full. He
> > then can do
> > 
> >     git push <remote> +<old-sha1>:<ref>
> > 
> > He does not even need to have the objects that <old-sha1> refers
> > to. We could simply push an empty pack and the the remote will happily
> > accept the force, assuming garbage collection has not happened. But
> > that's another and a little more complex patch.
> 
> If I am not mistaken, we actively prevent people from downloading an
> unreferenced SHA (such as would happen if you overwrote refs that
> contained sensitive information like passwords).
> 
> Wouldn't allowing the kind of push you just described, require negating
> that protection?

No, this has always worked. If you have write access to a repository,
you can fetch anything from it with this trick. Even if we blocked this,
there are other ways to leak information. For instance, I can push up
objects that are "similar" to the target object, claim to have the
target object, and then hope git will make a delta between my similar
object and the target. Iterate on the "similar" object and you can
eventually figure out what is in the target object.

This is one of the reasons we do not share objects between public and
private forks at GitHub.

-Peff

next prev parent reply	other threads:[~2015-06-09 14:26 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-09 12:12 On undoing a forced push Duy Nguyen
2015-06-09 13:17 ` Matthieu Moy
2015-06-09 14:06 ` Sitaram Chamarty
2015-06-09 14:25   ` Jeff King [this message]
2015-06-09 14:50     ` Sitaram Chamarty
2015-06-09 16:29   ` Johannes Schindelin
2015-06-09 16:55     ` Stefan Beller
2015-06-09 23:24     ` Duy Nguyen
2015-06-09 15:00 ` brian m. carlson
2015-06-10  2:43   ` Duy Nguyen
2015-06-10 12:18     ` brian m. carlson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150609142550.GB7894@peff.net \
    --to=peff@peff.net \
    --cc=git@vger.kernel.org \
    --cc=pclouds@gmail.com \
    --cc=sitaramc@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.