From: Junio C Hamano <gitster@pobox.com>
To: Stefan Beller <sbeller@google.com>
Cc: Johannes Schindelin <Johannes.Schindelin@gmx.de>,
Ben Peart <peartben@gmail.com>,
Ben Peart <benpeart@microsoft.com>,
"git\@vger.kernel.org" <git@vger.kernel.org>,
Jeff Hostetler <jeffhost@microsoft.com>,
Thomas Gummerer <t.gummerer@gmail.com>,
Michael Haggerty <mhagger@alum.mit.edu>
Subject: Re: [PATCH v1] read_index_from(): Skip verification of the cache entry order to speed index loading
Date: Sat, 21 Oct 2017 10:55:46 +0900 [thread overview]
Message-ID: <xmqqbml1gt7h.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <CAGZ79kZ_WjnH-vM84C8cE-jS=V=p4tGSiwXX3cKwbDOUvUs_dA@mail.gmail.com> (Stefan Beller's message of "Fri, 20 Oct 2017 11:53:25 -0700")
Stefan Beller <sbeller@google.com> writes:
> There was a recent thread (which I assumed was the one I linked), that talked
> about security implications as soon as we loose the rather strict "git
> is to be used
> in a posix world", e.g. sharing your repo over NFS/Dropbox. The
> specific question
> that Peff asked was how the internal formats can be exploited. (Can a malicious
> index file be crafted such that it is not just a segfault, but a
> 'remote' code execution,
> given that you deploy the maliciously crafted file via NFS. Removing checks that
> we already have made me a bit suspicious that it *may* be helping an
> attacker here,
> though I have no hard data to show)
>
> Sorry for the confusion,
Thanks for an explanation, as I had the same reaction as Dscho
initially. I'd assumed that the worst would be to create a wrong
state (e.g. the same path registered twice with different contents
in the index, a malformed tree written out of it, etc.), but that's
merely an assumption not the result of an audit.
next prev parent reply other threads:[~2017-10-21 1:55 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-18 14:27 [PATCH v1] read_index_from(): Skip verification of the cache entry order to speed index loading Ben Peart
2017-10-19 5:22 ` Junio C Hamano
2017-10-19 15:12 ` Ben Peart
2017-10-19 16:05 ` Jeff King
2017-10-20 1:14 ` Junio C Hamano
2017-10-19 22:14 ` Stefan Beller
2017-10-20 12:47 ` Johannes Schindelin
2017-10-20 18:53 ` Stefan Beller
2017-10-21 1:55 ` Junio C Hamano [this message]
2017-10-24 14:45 ` [PATCH v2] " Ben Peart
2017-10-30 12:48 ` Ben Peart
2017-10-30 18:03 ` Jeff King
2017-10-31 0:33 ` Alex Vandiver
2017-10-31 13:01 ` Ben Peart
2017-10-31 17:10 ` Jeff King
2017-11-01 6:09 ` Junio C Hamano
2017-10-31 1:49 ` Junio C Hamano
2017-10-31 12:51 ` Ben Peart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqbml1gt7h.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=benpeart@microsoft.com \
--cc=git@vger.kernel.org \
--cc=jeffhost@microsoft.com \
--cc=mhagger@alum.mit.edu \
--cc=peartben@gmail.com \
--cc=sbeller@google.com \
--cc=t.gummerer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.