Re: [PATCH] documentation: add git transport security notice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Fredrik Gustafsson <iveqy@xxxxxxxxx> writes:

> On Tue, Jun 25, 2013 at 07:57:35AM +1000, Fraser Tweedale wrote:
>>  The git transport is insecure and should be used with caution on
>>  unsecured networks.
>
> I don't understand this. How is git:// insecure?
>
> It's protocol with no authentication, because it's a protocol used for
> public sharing.
>
> The only point of encrypt git:// would be to verify that the recieved
> data has not been altered along the way. However you can always trust
> that the end result is an valid copy of the remote.
>
> To me that means that it's as secure as a non-authentication protocoll
> needs to be.

If your DNS is poisoned, or your router is compromised to allow your
traffic diverted, you may be fetching from somewhere you did not
intend to.  As I explained in a separate message, that does not
necessarily result in your repository corrupting, but the result,
even though it may be "git fsck" clean at the bit level, needs
additional validation measure, such as signed tags, to be safely
used to base your further work on top.

> How would an "evil network" be able to do any harm to a git transport
> over git://?

Yes, strictly speaking, it may not be "transport being insecure",
but the effect on the aggregated whole is the same.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]