Re: [PATCH 2/2] http: prevent redirect from dropping credentials during reauth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2024-02-04 at 18:54:27, Quentin Bouget wrote:
> During a re-authentication (second attempt at authenticating with a
> remote, e.g. after a failed GSSAPI attempt), git allows the remote to
> provide credential overrides in the redirect URL and unconditionnaly
> drops the current HTTP credentials in favors of those, even when there
> aren't any.
> 
> This commit makes it so HTTP credentials are only overridden when the
> redirect URL actually contains credentials itself.

I don't think your proposed change is safe.  Credentials are supposed to
be tied to a certain site and may even be tied to a specific repository,
and if there's a redirect, then we need to re-fetch credentials or we
could leak credentials to the wrong site by reusing them.  Your change
would therefore introduce a security vulnerability.

I should also point out that in general we are trying to make it less
easy and less convenient for people to use credentials in the URL
because that always necessitates insecure storage.  There have in fact
been proposals to remove that functionality entirely.
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux