[TOPIC 17/17] Security

1. Demtr: what are people doing to prevent security issues? For example, not allowing things into trees that would be problematic for various filesystems.

2. Jonathan N: transfer.fsckObjects by default, to validate at the trust boundary (in case some code paths at use time are missing some validation)

3. Peff: we have had buffer overflows, most are logic errors, and mostly paths related. Recently we’ve tightened up which paths are allowed. Forbidding things that might be valid on Linux, but problems on Windows. Can’t catch everything though, because Windows is so so complex

4. Stolee: I am fearful, and do not know all the rules.

5. Peff: I don’t think it is possible.

6. Demetr: only latin chars, numbers and a few other characters. Do not allow any special symbols.

7. Brian: that’s going to break lots of existing projects. Some projects have never been on Windows, and therefore people have no concern about Windows. People check in files that are strange in order to deliberately test strange files in their own software. If Windows has an API to test filepaths, there is not much we can do to protect it. Compatibility is important.

8. Peff: probably some cleanup needed, maybe can’t clone git.git. Some paths that are innocuous, are a problem in strange situations.

9. Jonathan N: what in Git's design scares the crap out of you?

10. ZJ: GitLab shells out for everything. We had injections. Now we have a DSL to verify things. Looking at --end-of-options.

11. Peff: C is terrifying. Rust rewrite please. Still have integer overflow risks. Tried to deal with it a few years ago, and found some more a few months back. A happy story: OID array uses a signed integer, because no one has more than 2 billion objects. Someone had 3 billion objects. Just the SHA1s are 60GB. Found it because it triggered overflow in st_add. As soon as they wrapped around, it crashed, preventing under-allocation.

12. Jeff H: communication between processes

13. <musical interlude>

14. Peff: I feel good about where we read and write strings to each other. Maybe if we were using JSON encode/decode it might be easier to handle obscure cases


