From: Stefan Beller <sbeller@google.com>
To: Santiago Torres <santiago@nyu.edu>
Cc: Git <git@vger.kernel.org>
Subject: Re: [RFC] Malicously tampering git metadata?
Date: Fri, 22 Jan 2016 10:51:09 -0800 [thread overview]
Message-ID: <CAGZ79kYOQ1sphdozTXGf+Q2n=kNpmGx1pvzLD5SHBqfhWDBA3Q@mail.gmail.com> (raw)
In-Reply-To: <20160122180007.GB28871@LykOS>
On Fri, Jan 22, 2016 at 10:00 AM, Santiago Torres <santiago@nyu.edu> wrote:
> On Thu, Jan 14, 2016 at 09:21:28AM -0800, Stefan Beller wrote:
>> On Thu, Jan 14, 2016 at 9:16 AM, Santiago Torres <santiago@nyu.edu> wrote:
>> > Hello Stefan, thanks for your feedback again.
>> >
>> >> This is what push certs ought to solve already?
>> >
>> > Yes, they aim to solve the same issue. Unfortunately, push certificates
>> > don't solve all posible scenarios of metadata manipulation (e.g., a
>> > malicious server changing branch pointers to trick a user into merging
>> > unwanted changes).
>> >
>> >> AFAIU the main issue with untrustworthy servers is holding back the latest push.
>> >> As Ted said, usually there is problem in the code and then the fix is pushed,
>> >> but the malicious server would not advertise the update, but deliver the old
>> >> unfixed version.
>> >>
>> >> This attack cannot be mitigated by having either a side channel (email
>> >> announcements)
>> >> or time outs (state is only good if push cert is newer than <amount of
>> >> time>, but this may
>> >> require empty pushes)
>> >>
>> >
>> > I'm sorry, did you mean to say "can"?
>>
>> Yes, formulating that sentence took a while and I did not proofread it.
>
> Sorry, Stefan. I didn't mean to come off as rude; I just wanted to make
> sure I understood correctly what you were proposing.
Not at all, I just made a typo. :)
>
> Do you have any further insight? I think that, besides the supporting
> multiple workflows, maybe synchronizing concurrent fetches might be an
> issue to our solution.
I did not think further about any issues there.
Thanks,
Stefan
>
> Thanks a lot!
> -Santiago.
prev parent reply other threads:[~2016-01-22 18:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-16 3:26 [RFC] Malicously tampering git metadata? Santiago Torres
2015-12-16 7:20 ` Stefan Beller
2015-12-18 1:06 ` Santiago Torres
2015-12-18 3:55 ` Jeff King
2015-12-18 4:02 ` Jeff King
2015-12-18 23:10 ` Theodore Ts'o
2015-12-19 17:30 ` Santiago Torres
2015-12-20 1:28 ` Theodore Ts'o
2016-01-12 18:21 ` Santiago Torres
2016-01-12 18:39 ` Stefan Beller
2016-01-14 17:16 ` Santiago Torres
2016-01-14 17:21 ` Stefan Beller
2016-01-22 18:00 ` Santiago Torres
2016-01-22 18:51 ` Stefan Beller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGZ79kYOQ1sphdozTXGf+Q2n=kNpmGx1pvzLD5SHBqfhWDBA3Q@mail.gmail.com' \
--to=sbeller@google.com \
--cc=git@vger.kernel.org \
--cc=santiago@nyu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.