From: shawn wilson <ag4ve.us@gmail.com>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: John Tapsell <johnflux@gmail.com>,
Junio C Hamano <gitster@pobox.com>,
Simon Ruderich <simon@ruderich.org>,
Git List <git@vger.kernel.org>, Tay Ray Chuan <rctay89@gmail.com>
Subject: Re: git log -p unexpected behaviour - security risk?
Date: Tue, 30 Apr 2013 07:48:58 -0400 [thread overview]
Message-ID: <CAH_OBidM2D4Nkb9tHTWqPRVz0GVUEnn9NJ++rzWGYSd+7sgTMg@mail.gmail.com> (raw)
In-Reply-To: <20130421160939.GA29341@elie.Belkin>
Sorta OT, but I'm curious,
On Sun, Apr 21, 2013 at 12:09 PM, Jonathan Nieder <jrnieder@gmail.com> wrote:
> For example, whenever git adds (or plans) support for a new header
> line in commit objects, before you've upgraded, a prankster can
> provide a bad value for that header line in objects they hand-craft.
> "git fsck" in your older version of git will accept the resulting
> objects on the assumption that they came from a newer version of git,
> so you won't notice. Later you upgrade Git and "git fsck" considers
> the objects malformed. Clients with "[transfer] fsckobjects" enabled
> start to reject your history. That is, this person has made your
> repository corrupt in the eyes of "git fsck".
>
> The usual excellent integrity checking will let you pinpoint the
> problem to the merge from that untrusted person so you can avoid
> trusting them again, and all the data will be there to recover without
> them. So it is auditable later. But this does mean that with the
> current design, there is some level of trust required to let someone
> commit into your history unless you inspect their work with a
> fine-toothed comb.
>
Has anyone written a test case for this?
next prev parent reply other threads:[~2013-04-30 11:49 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-11 10:36 git log -p unexpected behaviour - security risk? John Tapsell
2013-04-11 15:19 ` Tay Ray Chuan
2013-04-20 14:00 ` Simon Ruderich
2013-04-21 7:26 ` Junio C Hamano
2013-04-21 8:56 ` John Tapsell
2013-04-21 10:21 ` Jonathan Nieder
2013-04-21 13:46 ` John Tapsell
2013-04-21 15:56 ` Thomas Rast
2013-04-21 16:09 ` Jonathan Nieder
2013-04-21 18:42 ` Junio C Hamano
2013-04-30 10:09 ` John Szakmeister
2013-04-30 16:37 ` Junio C Hamano
2013-04-30 16:47 ` John Szakmeister
2013-04-30 17:05 ` Matthieu Moy
2013-04-30 17:58 ` John Szakmeister
2013-04-30 19:31 ` John Tapsell
2013-04-30 19:44 ` git log -p unexpected behaviour Junio C Hamano
2013-04-30 20:12 ` John Tapsell
2013-04-30 20:38 ` Junio C Hamano
2013-05-01 7:23 ` John Tapsell
2013-04-30 11:48 ` shawn wilson [this message]
2013-04-21 18:25 ` git log -p unexpected behaviour - security risk? Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAH_OBidM2D4Nkb9tHTWqPRVz0GVUEnn9NJ++rzWGYSd+7sgTMg@mail.gmail.com \
--to=ag4ve.us@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=johnflux@gmail.com \
--cc=jrnieder@gmail.com \
--cc=rctay89@gmail.com \
--cc=simon@ruderich.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).