Re: Git and SHA-1 security (again)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Duy Nguyen <pclouds@xxxxxxxxx> writes:

> Post-shower thoughts. In a tree object, a submodule entry consists of
> perm (S_IFGITLINK), hash (which is the external hash) and path. We
> could fill the "hash" part with all zero (invalid, signature of new
> submodule hash format), then append "/<hashtype>:<external hash>" to
> the "path" part. This way we don't have to update tree object or index
> format. And I suspect the "path" part is available everywhere we need
> to handle submodules already, so extracting the external hash should
> be possible...

Even though that single operation might be possible, do not go
there.  A "pathname" identifies a "path", not its contents, and
"appending crap after path" breaks the data model badly.  Also other
things like merge, checkout and diff would break by butchering
ordering the entries in tree objects.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]