From: Andreas Ericsson <ae@op5.se>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: Junio C Hamano <gitster@pobox.com>, Aghiles <aghilesk@gmail.com>,
git list <git@vger.kernel.org>, Kim Ebert <kd7ike@gmail.com>
Subject: Re: Useless error message?
Date: Thu, 22 Apr 2010 11:59:37 +0200 [thread overview]
Message-ID: <4BD01E09.8080504@op5.se> (raw)
In-Reply-To: <20100422094153.GA504@progeny.tock>
On 04/22/2010 11:42 AM, Jonathan Nieder wrote:
> Junio C Hamano wrote:
>
>> The true story is a bit different.
>>
>> To avoid information leak to git-daemon clients, we deliberately choose
>> not to give detailed error messages, so that you cannot tell if an error
>> means a user "u" does not exist or "u" does but ~u/repo.git repository
>> does not exist.
>
> Thanks for the clarification. As I see it, these are two different
> classes of problem:
>
> 1. The git daemon is very quiet, usually for good reason, as you
> mentioned [1] [2].
>
> 2. The git daemon and protocol helpers do not always send the datum “a
> controlled fatal error occured” by writing some message (any
> message) to side band 3.
>
> [1] I do suspect that in the case of failing enter_repo() or missing
> git-daemon-export-ok, saying “cannot read the specified repo” would be
> fine. Most of the time, there is not much value in disclosing a more
> detailed reason, anyway.
>
That would make it possible for random attackers to determine whether
a specific user exists on the system, which is very bad indeed.
> [2] Example fix for a problem in this class:
> http://thread.gmane.org/gmane.comp.version-control.git/139029
That's a different problem. We only end up in {send,receive}-pack if
the remote user asked for an existing repository, which means he or
she is either a very determined guesser or, more likely, already
knows that the user exists and where he or she keeps git repos. A
possible issue, to be sure, but definitely a far narrower window
than just guessing a username.
--
Andreas Ericsson andreas.ericsson@op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
next prev parent reply other threads:[~2010-04-22 9:59 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-21 21:17 Useless error message? Aghiles
2010-04-21 21:29 ` Kim Ebert
2010-04-21 22:19 ` Jonathan Nieder
2010-04-22 6:33 ` Junio C Hamano
2010-04-22 9:42 ` Jonathan Nieder
2010-04-22 9:59 ` Andreas Ericsson [this message]
2010-04-22 10:15 ` Jonathan Nieder
2010-04-22 10:27 ` Andreas Ericsson
2010-04-22 10:38 ` Jonathan Nieder
2010-04-22 12:44 ` Ilari Liusvaara
2010-04-22 22:21 ` [PATCH] daemon: report inaccessible repositories to user Jonathan Nieder
2010-04-22 11:56 ` Useless error message? Petr Baudis
2010-04-22 20:13 ` Aghiles
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BD01E09.8080504@op5.se \
--to=ae@op5.se \
--cc=aghilesk@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jrnieder@gmail.com \
--cc=kd7ike@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.