From: "H. Peter Anvin" <hpa@zytor.com>
To: Junio C Hamano <junkio@cox.net>
Cc: git@vger.kernel.org
Subject: Re: The git protocol and DoS
Date: Wed, 19 Oct 2005 13:55:35 -0700
Message-ID: <4356B2C7.601@zytor.com>
In-Reply-To: <7vmzl544f3.fsf@assigned-by-dhcp.cox.net>
Junio C Hamano wrote:
> "H. Peter Anvin" <hpa@zytor.com> writes:
>
>>It would, however, require a protocol change; I would like to hear what
>>people think about this at this stage.
>
> Well, it is full two days since a majorly visible git protocol
> enabled server has been announced, and you probably know what
> kind of hits you are getting (and please let us know if you have
> numbers, I am curious).
About 350 hits so far, total. Utter peanuts.
> If we do a protocol change, earlier the
> better. You already said that the kernel.org git is
> experimental. Does anybody run git daemons and rely on the
> current protocol?
>
> I suspect it would not make *any* sense to have a backward
> compatible server that optionally allows this cookie exchange --
> attackers can just say "I am an older client". OTOH, it
> probably makes sense to have an option on the client side to
> skip the cookie exchange stage. I do not think autodetecting
> new/old server on the client side in connect.c is possible.
>
You mean an option on the *server* to skip the cookie exchange? If so,
how would you expect the client to handle it?
-hpa