From: "H. Peter Anvin" <hpa@zytor.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Junio C Hamano <junkio@cox.net>, git@vger.kernel.org
Subject: Re: [PATCH] git-daemon extra paranoia
Date: Tue, 18 Oct 2005 15:08:20 -0700 [thread overview]
Message-ID: <43557254.3010807@zytor.com> (raw)
In-Reply-To: <4355691D.2010200@zytor.com>
H. Peter Anvin wrote:
>
> For security, avoiding aliases is highly desirable, and if they're
> useless the easiest way to do that is to reject. If aliases are
> required, which it sounds like it might be, then canonicalization needs
> to be applied.
>
> This may sound redundant, but a lot of avoiding security holes involves
> applying good practices up front, instead of reactively.
>
I thought I might want to add a bit of an explanation, just for the
purpose of illustration.
Right now, we use a whitelist for access control. Aliases are not a
problem, because they fail shut.
A year from now, someone decides that they want a "all but" feature, and
thus adds a blacklist on top of the whitelist. If aliases are
permitted, unless the blacklist logic is written very carefully, one
would then be able to get around the blacklist by using one of the
aliased paths.
Improper handling of aliases is probably second only to buffer overflows
and large-string DoS attacks when it comes to security vulnerabilities.
-hpa
next prev parent reply other threads:[~2005-10-18 22:08 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-18 20:54 [PATCH] git-daemon extra paranoia H. Peter Anvin
2005-10-18 21:19 ` Junio C Hamano
2005-10-18 21:29 ` H. Peter Anvin
2005-10-18 22:08 ` H. Peter Anvin [this message]
2005-10-18 22:13 ` [PATCH] Revised - " H. Peter Anvin
2005-10-18 22:25 ` [PATCH] " Linus Torvalds
2005-10-18 22:47 ` Junio C Hamano
2005-10-18 23:21 ` Linus Torvalds
2005-10-19 0:21 ` H. Peter Anvin
2005-10-19 0:41 ` Linus Torvalds
2005-10-19 0:43 ` H. Peter Anvin
2005-10-19 1:18 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43557254.3010807@zytor.com \
--to=hpa@zytor.com \
--cc=git@vger.kernel.org \
--cc=junkio@cox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).