From: Junio C Hamano <gitster@pobox.com>
To: Jon Loeliger <jdl@jdl.com>
Cc: Matt McCutchen <matt@mattmccutchen.net>, git@vger.kernel.org
Subject: Re: Fetch/push lets a malicious server steal the targets of "have" lines
Date: Sun, 30 Oct 2016 01:16:37 -0700 [thread overview]
Message-ID: <xmqqpomiuu8q.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <E1c0XaZ-0007Ab-QI@mylo.jdl.com> (Jon Loeliger's message of "Sat, 29 Oct 2016 12:38:39 -0500")
Jon Loeliger <jdl@jdl.com> writes:
> Is there an existing protocol provision, or an extension to
> the protocol that would allow a distrustful client to say to
> the server, "Really, you have Y2? Prove it."
There is not, but I do not think it would be an effective solution.
The issue is not the lack of protocol support, but how to determine
that the other side needs such a proof for Y2 but not for other
commits. How does your side know what makes Y2 special and why does
yout side think they should not have Y2?
Once you know how to determine Y2 is special, that knowledge can be
used to abort the "push" before even starting. When you are pushing
back the 'master' and that 'master' reaches Y2, which must be kept
secret, you shouldn't be pushing that 'master' to them, whether they
claim to have Y2 or not.
I think the above is just a different way to say what Peff just said
(paraphrasing, do not push what is secret).
next prev parent reply other threads:[~2016-10-30 8:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-28 21:39 Fetch/push lets a malicious server steal the targets of "have" lines Matt McCutchen
2016-10-28 22:00 ` Junio C Hamano
2016-10-28 22:16 ` Matt McCutchen
2016-10-29 1:11 ` Junio C Hamano
2016-10-29 3:33 ` Matt McCutchen
2016-10-29 13:39 ` Jeff King
2016-10-29 16:08 ` Matt McCutchen
2016-10-29 19:10 ` Jeff King
2016-10-30 7:53 ` Junio C Hamano
2016-11-13 1:25 ` [PATCH] fetch/push: document that private data can be leaked Matt McCutchen
2016-11-14 2:57 ` Junio C Hamano
2016-11-14 18:28 ` Matt McCutchen
2016-11-14 18:20 ` [PATCH] doc: mention transfer data leaks in more places Matt McCutchen
2016-11-14 19:19 ` Junio C Hamano
2016-11-14 19:00 ` [PATCH] fetch/push: document that private data can be leaked Junio C Hamano
2016-11-14 19:07 ` Jeff King
2016-11-14 19:47 ` Junio C Hamano
2016-11-14 19:08 ` Matt McCutchen
[not found] ` <CAPc5daVOxmowdiTU3ScFv6c_BRVEJ+G92gx_AmmKnR-WxUKv-Q@mail.gmail.com>
2016-10-29 16:07 ` Fetch/push lets a malicious server steal the targets of "have" lines Matt McCutchen
2016-10-30 8:03 ` Junio C Hamano
2016-11-13 2:10 ` Matt McCutchen
2016-10-29 17:38 ` Jon Loeliger
2016-10-30 8:16 ` Junio C Hamano [this message]
2016-11-13 2:44 ` Matt McCutchen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqpomiuu8q.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=jdl@jdl.com \
--cc=matt@mattmccutchen.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).