From: Joey Hess <joey@kitenet.net>
To: Git Mailing List <git@vger.kernel.org>
Subject: Re: [PATCH 2/2] push -s: skeleton
Date: Fri, 9 Sep 2011 12:03:01 -0400 [thread overview]
Message-ID: <20110909160301.GA9707@gnu.kitenet.net> (raw)
In-Reply-To: <robbat2-20110909T004300-810527870Z@orbis-terrarum.net>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="//TRANSLIT", Size: 2109 bytes --]
Robin H. Johnson wrote:
> Joey Hess discussed this two years ago, and again last week:
> http://kitenet.net/~joey/blog/entry/size_of_the_git_sha1_collision_attack_surface/
>
> This is easy in the kernel tree, it's got lots of eyeballs and only few
> binary files. This isn't true for lots of other Git trees, a tree with a
> JPEG image or a gzip file would be a great target.
The most credible attack I have so far does not involve binary files in
tree. Someone pointed out that git log, git show, etc stop printing
commit messages at NULL. So colliding binary garbage can be put in a
commit message and be unlikely to be noticed, and the commit can
later be altered to point to a different tree.
https://github.com/joeyh/supercollider
joey@gnu:~/tmp/supercollider>git log
commit 24f30db5790b209fa412ce81c5ef2bf8af5fd4d7
Author: Joey Hess <joey@kitenet.net>
Date: Fri Sep 9 11:49:21 2011 -0400
an innocent commit
If this were a sha1 colliding attack, there would be some sort of binary
garbage below. Which there isn't. So this can be safely merged.
joey@gnu:~/tmp/supercollider>git cat-file commit 24f30db5790b209fa412ce81c5ef2bf8af5fd4d7
tree 735a7633237c07b398856005de3bc9ea00446747
author Joey Hess <joey@kitenet.net> 1315583361 -0400
committer Joey Hess <joey@kitenet.net> 1315583361 -0400
an innocent commit
If this were a sha1 colliding attack, there would be some sort of binary
garbage below. Which there isn't. So this can be safely merged.
\0
??b???\x1f[?i??ͯ?t?\f2??\x02????os?\x14<????h?+,M?mY?e?EW?i\x13v$???\x14J??U}n~???L??????f??\x02?ě??3>?Q??H?\x16*zl\x1a?RA˂q?E\f?\x06\x16E\x7f7??^[?\x03\?m???U?\x1e>MU\v GY?d)?ȼ??'g?~D??ɯhQ?\x13???/"E\x04??X?m???^??S?D\x13??;w6(?`??>?\x10縘?\aAѲ?*!??@v????>?8??2\b?\x14!??=*?J ^[\r\r???\x01ynH\x10???c?w?\??K7??\x1c?N?6??\x1c???A5?FM?wZ?~?pK\x02Y?R???s7\x7f??(?\aƶ?_"??m\x11%????\x7f1\x7fa??ʀ??K[\rt??\x11??\x0e!A0?ΈfT.?T?w\a?ƌ\v?р???aco?V/2\x14??nَ?
?}?6?\x19_?z?{
It might be worth ameloriating that attack by making git log always
show the full buffer. Or it would be easy to write a tool that finds
any commits that have a NULL in their message.
--
see shy jo
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
next prev parent reply other threads:[~2011-09-09 16:03 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-07 20:56 [PATCH 1/2] send-pack: typofix error message Junio C Hamano
2011-09-07 20:57 ` [PATCH 2/2] push -s: skeleton Junio C Hamano
2011-09-07 21:18 ` Shawn Pearce
2011-09-07 22:21 ` Junio C Hamano
2011-09-07 23:23 ` Shawn Pearce
2011-09-08 16:24 ` Junio C Hamano
2011-09-07 22:21 ` Nguyen Thai Ngoc Duy
2011-09-07 22:40 ` Junio C Hamano
2011-09-07 23:55 ` Robin H. Johnson
2011-09-08 20:03 ` Jeff King
2011-09-09 1:30 ` Robin H. Johnson
2011-09-09 16:03 ` Joey Hess [this message]
2011-09-09 16:14 ` Drew Northup
2011-09-09 19:12 ` Jeff King
2011-09-08 4:37 ` [PATCH 3/2] Split GPG interface into its own helper library Junio C Hamano
2011-09-08 4:38 ` [PATCH 4/2] push -s: send signed push certificate Junio C Hamano
2011-09-08 5:38 ` [PATCH 5/2] push -s: receiving end Junio C Hamano
2011-09-08 9:31 ` Johan Herland
2011-09-08 16:43 ` Junio C Hamano
2011-09-08 19:35 ` [PATCH 2/2] push -s: skeleton Jeff King
2011-09-08 20:48 ` Junio C Hamano
2011-09-08 21:02 ` Jeff King
2011-09-08 22:19 ` Junio C Hamano
2011-09-09 15:34 ` Jeff King
2011-09-09 17:32 ` Junio C Hamano
[not found] ` <CAJo=hJsQvRN3Z0xJg9q37Km1g_1qUdJKNQ6n8=a9mv3YjugyVw@mail.gmail.com>
2011-09-09 15:22 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110909160301.GA9707@gnu.kitenet.net \
--to=joey@kitenet.net \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).