From: Santiago Torres <santiago@nyu.edu>
To: Stefan Beller <sbeller@google.com>
Cc: Git <git@vger.kernel.org>
Subject: Re: [RFC] Malicously tampering git metadata?
Date: Fri, 22 Jan 2016 13:00:08 -0500 [thread overview]
Message-ID: <20160122180007.GB28871@LykOS> (raw)
In-Reply-To: <CAGZ79ka51e+-24RyMgUGAOUkBYXxnWZb8Pg7vrgjGHvvWU770Q@mail.gmail.com>
On Thu, Jan 14, 2016 at 09:21:28AM -0800, Stefan Beller wrote:
> On Thu, Jan 14, 2016 at 9:16 AM, Santiago Torres <santiago@nyu.edu> wrote:
> > Hello Stefan, thanks for your feedback again.
> >
> >> This is what push certs ought to solve already?
> >
> > Yes, they aim to solve the same issue. Unfortunately, push certificates
> > don't solve all posible scenarios of metadata manipulation (e.g., a
> > malicious server changing branch pointers to trick a user into merging
> > unwanted changes).
> >
> >> AFAIU the main issue with untrustworthy servers is holding back the latest push.
> >> As Ted said, usually there is problem in the code and then the fix is pushed,
> >> but the malicious server would not advertise the update, but deliver the old
> >> unfixed version.
> >>
> >> This attack cannot be mitigated by having either a side channel (email
> >> announcements)
> >> or time outs (state is only good if push cert is newer than <amount of
> >> time>, but this may
> >> require empty pushes)
> >>
> >
> > I'm sorry, did you mean to say "can"?
>
> Yes, formulating that sentence took a while and I did not proofread it.
Sorry, Stefan. I didn't mean to come off as rude; I just wanted to make
sure I understood correctly what you were proposing.
Do you have any further insight? I think that, besides the supporting
multiple workflows, maybe synchronizing concurrent fetches might be an
issue to our solution.
Thanks a lot!
-Santiago.
next prev parent reply other threads:[~2016-01-22 18:00 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-16 3:26 [RFC] Malicously tampering git metadata? Santiago Torres
2015-12-16 7:20 ` Stefan Beller
2015-12-18 1:06 ` Santiago Torres
2015-12-18 3:55 ` Jeff King
2015-12-18 4:02 ` Jeff King
2015-12-18 23:10 ` Theodore Ts'o
2015-12-19 17:30 ` Santiago Torres
2015-12-20 1:28 ` Theodore Ts'o
2016-01-12 18:21 ` Santiago Torres
2016-01-12 18:39 ` Stefan Beller
2016-01-14 17:16 ` Santiago Torres
2016-01-14 17:21 ` Stefan Beller
2016-01-22 18:00 ` Santiago Torres [this message]
2016-01-22 18:51 ` Stefan Beller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160122180007.GB28871@LykOS \
--to=santiago@nyu.edu \
--cc=git@vger.kernel.org \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).