From: Junio C Hamano <gitster@pobox.com>
To: Jonathan Tan <jonathantanmy@google.com>
Cc: git@vger.kernel.org, markbt@efaref.net, git@jeffhostetler.com,
kevin.david@microsoft.com
Subject: Re: Proposal for missing blob support in Git repos
Date: Mon, 01 May 2017 18:41:27 -0700 [thread overview]
Message-ID: <xmqq37cof320.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <c0c8a0c3-582c-cf3b-3833-c918a0630f9f@google.com> (Jonathan Tan's message of "Mon, 1 May 2017 17:33:01 -0700")
Jonathan Tan <jonathantanmy@google.com> writes:
> On 05/01/2017 04:29 PM, Junio C Hamano wrote:
>> Jonathan Tan <jonathantanmy@google.com> writes:
>>
>>> Thanks for your comments. If you're referring to the codepath
>>> involving write_sha1_file() (for example, builtin/hash-object ->
>>> index_fd or builtin/unpack-objects), that is fine because
>>> write_sha1_file() invokes freshen_packed_object() and
>>> freshen_loose_object() directly to check if the object already exists
>>> (and thus does not invoke the new mechanism in this patch).
>>
>> Is that a good thing, though? It means that you an attacker can
>> feed one version to the remote object store your "grab blob" hook
>> gets the blobs from, and have you add a colliding object locally,
>> and the usual "are we recording the same object as existing one?"
>> check is bypassed.
>
> If I understand this correctly, what you mean is the situation where
> the hook adds an object to the local repo, overriding another object
> of the same name?
No.
write_sha1_file() pays attention to objects already in the local
object store to avoid hash collisions that can be used to replace a
known-to-be-good object and that is done as a security measure.
What I am reading in your response was that this new mechanism
bypasses that, and I was wondering if that is a good thing.
next prev parent reply other threads:[~2017-05-02 1:41 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-26 22:13 Proposal for missing blob support in Git repos Jonathan Tan
2017-05-01 3:57 ` Junio C Hamano
2017-05-01 19:12 ` Jonathan Tan
2017-05-01 23:29 ` Junio C Hamano
2017-05-02 0:33 ` Jonathan Tan
2017-05-02 0:38 ` Brandon Williams
2017-05-02 1:41 ` Junio C Hamano [this message]
2017-05-02 17:21 ` Jonathan Tan
2017-05-02 18:32 ` Ævar Arnfjörð Bjarmason
2017-05-02 21:45 ` Jonathan Tan
2017-05-04 4:29 ` Junio C Hamano
2017-05-04 17:09 ` Jonathan Tan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq37cof320.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=git@jeffhostetler.com \
--cc=git@vger.kernel.org \
--cc=jonathantanmy@google.com \
--cc=kevin.david@microsoft.com \
--cc=markbt@efaref.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).