From: Jeff King <peff@peff.net>
To: Joey Hess <joey@kitenet.net>
Cc: Git Mailing List <git@vger.kernel.org>
Subject: Re: [PATCH 2/2] push -s: skeleton
Date: Fri, 9 Sep 2011 15:12:40 -0400 [thread overview]
Message-ID: <20110909191240.GA30019@sigill.intra.peff.net> (raw)
In-Reply-To: <20110909160301.GA9707@gnu.kitenet.net>
On Fri, Sep 09, 2011 at 12:03:01PM -0400, Joey Hess wrote:
> The most credible attack I have so far does not involve binary files in
> tree. Someone pointed out that git log, git show, etc stop printing
> commit messages at NULL.
It was me.
> It might be worth ameloriating that attack by making git log always
> show the full buffer. Or it would be easy to write a tool that finds
> any commits that have a NULL in their message.
Unfortunately, that is going to involve a pretty huge code audit of git,
as the "tack a \0 to the end of an object just in case" code dates back
quite a while (e871b64, unpack_sha1_file: zero-pad the unpacked
object, 2005-05-25). So I suspect there is a lot of code built on
top of the assumption that commit messages are NUL-terminated strings.
Besides which, that is only one form of hiding. If collision attacks
against sha1 become a possibility, I think we are better to talk about
moving to a new hash. Even sha-256 truncated to 160 bits would be better
than sha-1 (AFAIK, that family of SHA does not suffer from the same
attacks, so we would still be in the 2^80 range for collision attacks).
-Peff
next prev parent reply other threads:[~2011-09-09 19:12 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-07 20:56 [PATCH 1/2] send-pack: typofix error message Junio C Hamano
2011-09-07 20:57 ` [PATCH 2/2] push -s: skeleton Junio C Hamano
2011-09-07 21:18 ` Shawn Pearce
2011-09-07 22:21 ` Junio C Hamano
2011-09-07 23:23 ` Shawn Pearce
2011-09-08 16:24 ` Junio C Hamano
2011-09-07 22:21 ` Nguyen Thai Ngoc Duy
2011-09-07 22:40 ` Junio C Hamano
2011-09-07 23:55 ` Robin H. Johnson
2011-09-08 20:03 ` Jeff King
2011-09-09 1:30 ` Robin H. Johnson
2011-09-09 16:03 ` Joey Hess
2011-09-09 16:14 ` Drew Northup
2011-09-09 19:12 ` Jeff King [this message]
2011-09-08 4:37 ` [PATCH 3/2] Split GPG interface into its own helper library Junio C Hamano
2011-09-08 4:38 ` [PATCH 4/2] push -s: send signed push certificate Junio C Hamano
2011-09-08 5:38 ` [PATCH 5/2] push -s: receiving end Junio C Hamano
2011-09-08 9:31 ` Johan Herland
2011-09-08 16:43 ` Junio C Hamano
2011-09-08 19:35 ` [PATCH 2/2] push -s: skeleton Jeff King
2011-09-08 20:48 ` Junio C Hamano
2011-09-08 21:02 ` Jeff King
2011-09-08 22:19 ` Junio C Hamano
2011-09-09 15:34 ` Jeff King
2011-09-09 17:32 ` Junio C Hamano
[not found] ` <CAJo=hJsQvRN3Z0xJg9q37Km1g_1qUdJKNQ6n8=a9mv3YjugyVw@mail.gmail.com>
2011-09-09 15:22 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110909191240.GA30019@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=joey@kitenet.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.