From: Junio C Hamano <gitster@pobox•com>
To: Stefan Beller <sbeller@google•com>
Cc: Johannes Schindelin <Johannes.Schindelin@gmx•de>,
Ben Peart <peartben@gmail•com>,
Ben Peart <benpeart@microsoft•com>,
"git\@vger.kernel.org" <git@vger•kernel.org>,
Jeff Hostetler <jeffhost@microsoft•com>,
Thomas Gummerer <t.gummerer@gmail•com>,
Michael Haggerty <mhagger@alum•mit.edu>
Subject: Re: [PATCH v1] read_index_from(): Skip verification of the cache entry order to speed index loading
Date: Sat, 21 Oct 2017 10:55:46 +0900 [thread overview]
Message-ID: <xmqqbml1gt7h.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <CAGZ79kZ_WjnH-vM84C8cE-jS=V=p4tGSiwXX3cKwbDOUvUs_dA@mail.gmail.com> (Stefan Beller's message of "Fri, 20 Oct 2017 11:53:25 -0700")
Stefan Beller <sbeller@google•com> writes:
> There was a recent thread (which I assumed was the one I linked), that talked
> about security implications as soon as we loose the rather strict "git
> is to be used
> in a posix world", e.g. sharing your repo over NFS/Dropbox. The
> specific question
> that Peff asked was how the internal formats can be exploited. (Can a malicious
> index file be crafted such that it is not just a segfault, but a
> 'remote' code execution,
> given that you deploy the maliciously crafted file via NFS. Removing checks that
> we already have made me a bit suspicious that it *may* be helping an
> attacker here,
> though I have no hard data to show)
>
> Sorry for the confusion,
Thanks for an explanation, as I had the same reaction as Dscho
initially. I'd assumed that the worst would be to create a wrong
state (e.g. the same path registered twice with different contents
in the index, a malformed tree written out of it, etc.), but that's
merely an assumption not the result of an audit.
next prev parent reply other threads:[~2017-10-21 1:55 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-18 14:27 [PATCH v1] read_index_from(): Skip verification of the cache entry order to speed index loading Ben Peart
2017-10-19 5:22 ` Junio C Hamano
2017-10-19 15:12 ` Ben Peart
2017-10-19 16:05 ` Jeff King
2017-10-20 1:14 ` Junio C Hamano
2017-10-19 22:14 ` Stefan Beller
2017-10-20 12:47 ` Johannes Schindelin
2017-10-20 18:53 ` Stefan Beller
2017-10-21 1:55 ` Junio C Hamano [this message]
2017-10-24 14:45 ` [PATCH v2] " Ben Peart
2017-10-30 12:48 ` Ben Peart
2017-10-30 18:03 ` Jeff King
2017-10-31 0:33 ` Alex Vandiver
2017-10-31 13:01 ` Ben Peart
2017-10-31 17:10 ` Jeff King
2017-11-01 6:09 ` Junio C Hamano
2017-10-31 1:49 ` Junio C Hamano
2017-10-31 12:51 ` Ben Peart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqbml1gt7h.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox$(echo .)com \
--cc=Johannes.Schindelin@gmx$(echo .)de \
--cc=benpeart@microsoft$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
--cc=jeffhost@microsoft$(echo .)com \
--cc=mhagger@alum$(echo .)mit.edu \
--cc=peartben@gmail$(echo .)com \
--cc=sbeller@google$(echo .)com \
--cc=t.gummerer@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox