Re: [PATCH 2/2] push -s: skeleton

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Robin H. Johnson wrote:
> Joey Hess discussed this two years ago, and again last week:
> http://kitenet.net/~joey/blog/entry/size_of_the_git_sha1_collision_attack_surface/
> 
> This is easy in the kernel tree, it's got lots of eyeballs and only few
> binary files. This isn't true for lots of other Git trees, a tree with a
> JPEG image or a gzip file would be a great target.

The most credible attack I have so far does not involve binary files in
tree. Someone pointed out that git log, git show, etc stop printing
commit messages at NULL. So colliding binary garbage can be put in a
commit message and be unlikely to be noticed, and the commit can
later be altered to point to a different tree.

https://github.com/joeyh/supercollider

joey@gnu:~/tmp/supercollider>git log
commit 24f30db5790b209fa412ce81c5ef2bf8af5fd4d7
Author: Joey Hess <joey@xxxxxxxxxxx>
Date:   Fri Sep 9 11:49:21 2011 -0400

    an innocent commit
    
    If this were a sha1 colliding attack, there would be some sort of binary
    garbage below. Which there isn't. So this can be safely merged.
joey@gnu:~/tmp/supercollider>git cat-file commit 24f30db5790b209fa412ce81c5ef2bf8af5fd4d7
tree 735a7633237c07b398856005de3bc9ea00446747
author Joey Hess <joey@xxxxxxxxxxx> 1315583361 -0400
committer Joey Hess <joey@xxxxxxxxxxx> 1315583361 -0400

an innocent commit

If this were a sha1 colliding attack, there would be some sort of binary
garbage below. Which there isn't. So this can be safely merged.



??b???[?i??ͯ?t?2??????os?<????h?+,M?mY?e?EW?iv$???J??U}n~???L??????f???ě??3>?Q??H?޸*zl?RA˂q?E?E7???\?m???U?>MU	GY?d)?ȼ??'g?~D??ɯhQ????/"E??X?m???^͸??S?D??;w6(?`??>?縘?AѲ?*!??@v????>?8??2?!??=*?J	

???ynH???c?w?\??K7???N?6?????A5?FM?wZ?~?pKY?R???s7??(?ƶ?_"??m%????1a??ʀ??K[
t????!A0?ΈfT.?T?w?򁛵ƌ?р???aco?V/2??nَ?
?}?6?_?z?{

It might be worth ameloriating that attack by making git log always
show the full buffer. Or it would be easy to write a tool that finds
any commits that have a NULL in their message.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]