bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [task #4633] GPG-Signed Commits


From: Alexander Taler
Subject: Re: [task #4633] GPG-Signed Commits
Date: Wed, 05 Oct 2005 08:39:02 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wed,  5 Oct 2005 08:38:55 EDT

  Bernd> If I may jump into the middle here... if, AFAICT, the purpose is to
  Bernd> bind a signature to a specific commit and no other, and also to the
  Bernd> complete file contents (figuring out $strings$ later), would it not be
  Bernd> sufficient to generate, say,

  Bernd> ----- BEGIN PGP SIGNED MESSAGE -----
  Bernd> Comment: blah blah comments are untrusted

  Bernd>  Repository revision: 1.5 /home/cvs/cvsroot/ifsf-sst/foo.c,v
  Bernd>  #include <stdio.h>

I was thinking the same thing.  Signing the new revision number
is sufficient for preventing a replay attack.  If the revision
number and diff/complete file are signed as a chunk, the client
will not be able to replay a previous revision.

Signing of other stuff, like the location of or in the repository
is not useful because over time ,v files can move when directory
hierarchies or hosts are changed (consider recent switch from
cvshome to savannah).  So the information will not be verifiable
in the long term.

  Bernd> No, wait, if an attacker has root access to the CVS server, revision
  Bernd> numbers become untrusted.  Really all you're trying to achieve is to
  Bernd> identify the real culprit, so that Eve can't frame Alice.

If an attacker has access to the repository, and wishes to
resurrect an old buggy version of a file, with signed revision
numbers as above, they can rollback the file to a previous
revision.  However this would be detected rather easily, since it
would break all existing sandboxes, and either break the build or
remove newly added features.

In addition, none of the other proposed schemes would protect
against this rollback either.

Alex

- -- 
https://savannah.gnu.org/projects/libcvs-spec    Access CVS through a library.
PGP:  ID: 0x23DC453B  FPR: 42D0 66C2 9FF8 553A 373A  B819 4C34 93BA 23DC 453B
No Prime Minister, a clarification is not to make oneself clear, it is to put
oneself in the clear.   -- Sir Humphrey Appleby
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (OpenBSD)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFDQ8lmTDSTuiPcRTsRAnlGAKCIgAgu+j5HbQZmJRw7/TsWWuBfHwCeN20z
KwshZhuugukfA4LRmWfGb9Q=
=sL7k
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]