On Wed, 2010-08-04 at 01:33 -0700, Matt McCutchen wrote: > On Tue, 2010-08-03 at 22:09 +0000, Ben Boeckel wrote: > > Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> wrote: > > > No. If the attacker MITMs the entire connection, they can lie about the > > > values of the remote refs too, so there is no need to find a hash > > > collision. > > > > And how would you then be allowed to push? The git server would see that > > your history doesn't match the history it has and will refuse the > > commits. > > When the maintainer fetches, the attacker adds malicious commits on top > of the real remote ref value, and then the maintainer pushes those > commits as if he committed them himself. But IMNSHO, malicious > alteration of a fetch is something maintainers shouldn't have to deal > with, regardless of what the consequences might or might not be. > > (I should have changed the subject two round trips ago. Oh well...) I suspect it might short-circuit the 'ahhh, but what about...' 'oooh, but then I can...' nature of the conversation if you just put together a proof-of-concept attack and document it somewhere. I suspect the git maintainers might be interested at that point as well. :) -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
