

GIT is not secure against tampering - zobzu

It is a very bad practice to blind people into making them think GIT is foolproof against tampering while it is not.<p>kernel.org could have been tampered with, and we won't know.<p>See these rebuttals:
https://lwn.net/Articles/457539/ 
https://plus.google.com/u/0/101646537009659972657/posts/ieGgPKJM2NP
======
burgerbrain
Concerning _"SHA-1 attack"_ and _"Random GIT modifications"_

[http://osdir.com/ml/version-
control.git/2005-06/msg00583.htm...](http://osdir.com/ml/version-
control.git/2005-06/msg00583.html)

But seriously, if anything had been done _thousands_ of people would have
known by now.

 _"just append some commits to any repository"_

People will notice that _immediately_.

The simple fact of the matter is that due to a combination of both Git's
technical attributes and the Linux kernel development organization/practices,
we are _quite_ safe. This was addressed last time this topic came up, I feel
you should probably read some of the responses you got that time.

If you still want to be concerned, I advise addressing this: [http://git-
blame.blogspot.com/2011/08/how-to-inject-maliciou...](http://git-
blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html)

~~~
zobzu
See, the issue is that many think "but big guys would know!" Big guys actually
do not care much.

People do not notice that. Such bugs (that can be exploited) are inserted into
the kernel very often, even from legit people and no one notices. [1] I don't
blame them, but we can't _trace_ it if it's been done by an attacker.

About your second link, once again, you limit yourself to attacking linux.git.
Unless you crack SHA (which, is actually possible, it just looks terribly odd
in the commit, and has nothing to do with flapping your arms to fly).

Instead you append commits to a repository Linus pulls from for patches, and
you can do it so that when Linus pulls, he gets the extra patch, and when the
owner pushes, nothing happens. Heck you can even hide it from the gitweb
interface. You can even do that on Linus's linux.git directly, but since
zillion people look at it, its much safer to go through a branch Linus will
pull from.

Oh and the code isn't going to be a bind shell in the f. middle. it's going to
be a dangling pointer or the like, that you know, these devs miss every other
week as pointed out in [1] and bang, here's your exploit.

Do you think all attackers are that retarded that they can't spend an HOUR
modifying GIT for this?

Keep the blind-folds on.

Bonus conspiracy theory:

Imagine they find such a commit, by luck or hard-work, signed off of course by
someone Linus pulls from. They're going to do what? probably leave it there in
a couple of month have a fix (that won't go in CVE as many of their fixes
which aren't found externally). No one will be able to tell if it came from
the attack (which would be a PR disaster for Linux) or not, even if uncovered.

~~~
burgerbrain
_"Unless you crack SHA (which, is actually possible, it just looks terribly
odd in the commit, and has nothing to do with flapping your arms to fly)."_

Don't be absurd. You have to craft a 1) valid C file that 2) contains and
exploit which 3) _doesn't_ look "terribly odd" and 4) has the same SHA1.
_"HOUR"_ LOL!

Linus's urination world domination plan is far more practical.

As for the rest: PRATT

