Git development
From: Alexander Litvinov <lan@academsoft.ru>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Junio C Hamano <junkio@cox.net>, git@vger.kernel.org
Subject: Re: Security problem
Date: Fri, 16 Jun 2006 10:54:46 +0700
Message-ID: <200606161054.46813.lan@academsoft.ru>
In-Reply-To: <Pine.LNX.4.64.0606151948230.5498@g5.osdl.org>

> If you can't trust your local filesystem, you are screwed.

You are right, I trust my file system. But if our team had a central repo with
ssh access to that machine, every developer can hack the central repo.

Would git-clone/git-fetch warn me about this?

My own test with (another) local repo says:
lan@lan:~/tmp/git/test> git clone 1 2
Generating pack...
Done counting 3 objects.
Deltifying 3 objects.
 100% (3/3) done
Total 3, written 3 (delta 0), reused 0 (delta 0)
error: git-checkout-index: unable to read sha1 file of a 
(3609f20ebd357679b111783e8afaf36ec46427f3)

It can't check out the object (3609f20ebd357679b111783e8afaf36ec46427f3 is the
original file). It seems packed repos are safe from this point.
