On Wed, 04 Aug 2010 22:03:14 +0200 Till Maas <opensource@xxxxxxxxx> wrote:

> On Wed, Aug 04, 2010 at 09:42:01AM -0700, Adam Williamson wrote:
>
> > I suspect it might short-circuit the 'ahhh, but what about...'
> > 'oooh, but then I can...' nature of the conversation if you just
> > put together a proof-of-concept attack and document it somewhere. I
> > suspect the git maintainers might be interested at that point as
> > well. :)
>
> The attack is quite trivial:
> 1) clone the git pkg Fedora repos
> 2) commit some nasty change
> 3) publish the repo on some server
> 4) if the victim wants to fetch from the Fedora pkg repo, use the MITM
> attack to make him fetch from the server set up in step 3. Steps 1-3
> can obviously be done on-demand.
>
> If this is e.g. done on a conference / FUDCon / Fedora Action Day, the
> attack can easily be targeted to make the change in step 2 be expected to
> be fast forward. E.g. if packages simply need to be bumped for a
> rebuild, an upload of a bad tarball and modification of the sources
> file might be unnoticed.

Just to clarify, as this is a long thread:

This only works if people are using git:// urls, not the default for
fedora ssh: ones, right? (provided you have connected before to
pkgs.fedoraproject.org and have the known_hosts entry?)

kevin
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
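The distinction Kevin asks about (git:// gives the client no way to authenticate the peer, ssh:// checks the host key against known_hosts) can be turned into a quick audit of a checkout's remotes. The script below is an added example, not code from the thread or from Fedora's tooling; the git-config text is constructed for the example, the minimal parser is my own rather than git's, and the repository path "example-package.git" is a placeholder.

```python
"""Flag git remotes whose transport lets a network attacker substitute
a different repository (the MITM scenario discussed in the thread).

git:// and http:// carry no peer authentication at all. ssh:// checks
the server's host key against known_hosts; https:// checks the TLS
certificate. Parser below is a minimal one written for this example.
"""
import re

# Transports with no peer authentication at all.
UNAUTHENTICATED_SCHEMES = ("git://", "http://")
# scp-like "user@host:path" syntax is ssh as well.
SCP_LIKE = re.compile(r"^[^/@:]+@[^/:]+:")

# Constructed sample .git/config: one ssh remote, one git:// mirror.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = ssh://pkgs.fedoraproject.org/example-package.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git://pkgs.fedoraproject.org/example-package.git
\tfetch = +refs/heads/*:refs/remotes/mirror/*
"""

def parse_remotes(config_text):
    """Return {remote_name: url} from git-config text (minimal parser)."""
    remotes, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.match(r'^\[remote\s+"([^"]+)"\]$', line)
        if m:
            current = m.group(1)
            continue
        if line.startswith("["):
            current = None          # some other section, e.g. [core]
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "url":
                remotes[current] = value.strip()
    return remotes

def transport_of(url):
    """Classify a remote URL by whether the client authenticates the peer."""
    if url.startswith(UNAUTHENTICATED_SCHEMES):
        return "unauthenticated"
    if url.startswith("ssh://") or SCP_LIKE.match(url):
        return "ssh"            # host key checked against known_hosts
    if url.startswith("https://"):
        return "https"          # server certificate checked by TLS
    return "other"              # local paths, file://, etc.

def unauthenticated_remotes(config_text):
    """Names of remotes a MITM could silently redirect."""
    return sorted(name for name, url in parse_remotes(config_text).items()
                  if transport_of(url) == "unauthenticated")
```

Running `unauthenticated_remotes` over a real `.git/config` lists the remotes to switch to ssh:// (or https:// with certificate verification left on).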