From: 1234dev <1234dev@protonmail.com>
To: Jeff King <peff@peff.net>, "git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: Can Git repos be hacked or otherwise manipulated?
Date: Wed, 15 Jan 2020 03:18:34 +0000
Message-ID: <bvMqhQOr4uENl8j2zcFOY0ogJmUqTRofCGyPlPc_xaXQXSP5ds9lgdglXkjTZng9U5WSpo-Uc2_SzCTdpAvLTeruT-tW3GTDkWj9dfLznuM=@protonmail.com>
In-Reply-To: <20200114220826.GB3957260@coredump.intra.peff.net>

Hello Jeff and thank you for your response!

To work around this problem, should we instead host this repo on a public service? If so which one would you recommend?

--Jonathan

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, January 14, 2020 10:08 PM, Jeff King <peff@peff.net> wrote:

> On Tue, Jan 14, 2020 at 02:48:05PM +0000, 1234dev wrote:
>
> > Let's say you're working with a team of elite hackers, passing a
> > tarball of a Git repo back and forth as you complete your mission. Now
> > let's say one of them has malicious intent. What are the possibilities
> > that he or she can, for instance, hide changes made to a script or
> > binary that does something malicious if executed? Or perhaps maybe
> > there are other such scenarios one should be made aware of?
>
> It is absolutely not safe to run Git commands from a tarball of an
> untrusted repo. There are many ways to execute arbitrary code specified
> by a config option, and you'd be getting recipient's .git/config.
> Likewise for hooks.
>
> And while we would consider it a bug if you can trigger a memory error
> by reading a corrupted or malicious on-disk file, that's gotten way
> less auditing than the code paths which take in objects from a remote.
> So e.g., I would not be surprised if there are vulnerabilities that
> could cause out-of-bounds reads of a corrupted .git/index.
>
> -Peff
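The two hazards Peff names above, config keys whose value is a program git will run, and hooks, can be looked for before any git command is run inside an unpacked, untrusted repository. The following POSIX shell script is an added example and is not code from this thread or from the git project. It reads `.git/config` and `.git/hooks` with awk and grep only, so nothing inside the repository executes during the check. The set of config keys it flags is an assumption (keys I know name an external program or command), not a complete catalogue, and the sample values in the comments are constructed.

```shell
#!/bin/sh
# Pre-flight check for a Git repository unpacked from an untrusted tarball.
# Uses plain POSIX tools and never invokes git inside the directory, so the
# repository's own config and hooks cannot run while it is being inspected.
# Added example, not from the git mailing list; the key list is an assumption.

# Flatten a git config file into "section.subsection.key=value" lines.
flatten_git_config() {
    awk '
        /^[ \t]*[#;]/ { next }                          # skip comments
        /^[ \t]*\[/ {                                   # [section "subsection"]
            line = $0
            sub(/^[ \t]*\[/, "", line); sub(/][ \t]*$/, "", line)
            n = split(line, parts, "\"")
            section = tolower(parts[1]); sub(/[ \t]+$/, "", section)
            if (n >= 2) section = section "." parts[2] # subsection keeps its case
            next
        }
        /=/ {                                           # key = value
            key = $0; val = $0
            sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            sub(/^[^=]*=[ \t]*/, "", val)
            print section "." tolower(key) "=" val
        }
    ' "$1"
}

# Report config keys whose value is a program git would execute, plus any
# enabled hook. Prints findings and returns 0 when clean, 1 otherwise.
scan_untrusted_repo() {
    repo=$1
    found=0
    if [ -f "$repo/.git/config" ]; then
        # Assumed list of keys that name a command or program (not exhaustive).
        hits=$(flatten_git_config "$repo/.git/config" | grep -E -i \
            -e '^core\.(fsmonitor|hookspath|pager|editor|sshcommand|gitproxy|askpass)=' \
            -e '^diff\.external=' \
            -e '^diff\.[^.]+\.(command|textconv)=' \
            -e '^merge\.[^.]+\.driver=' \
            -e '^filter\.[^.]+\.(clean|smudge|process)=' \
            -e '^(gpg|gpg\.[^.]+)\.program=' \
            -e '^(credential|credential\.[^.]+)\.helper=' \
            -e '^sequence\.editor=' \
            -e '^uploadpack\.packobjectshook=' \
            -e '^include(if\..+)?\.path=' \
            -e '^alias\.[^=]+=!' || true)
        if [ -n "$hits" ]; then
            found=1
            printf 'config keys that run a program:\n%s\n' "$hits"
        fi
    fi
    # Any file in hooks/ other than the shipped *.sample stubs is treated as
    # an enabled hook (conservative: git itself only runs executable ones).
    if [ -d "$repo/.git/hooks" ]; then
        for h in "$repo/.git/hooks"/*; do
            [ -f "$h" ] || continue
            case $h in *.sample) continue ;; esac
            found=1
            printf 'enabled hook: %s\n' "$h"
        done
    fi
    return $found
}

# Usage: scan_untrusted_repo /path/to/unpacked/repo || echo "do not run git here"
```

The script is deliberately a triage step, not a sanitiser: a clean result only means none of the listed keys and no hooks were found, and says nothing about the on-disk object or index files Peff mentions as less audited.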


