bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GPG-signed commits: a new exploit to consider


From: Derek Price
Subject: Re: GPG-signed commits: a new exploit to consider
Date: Sat, 24 Sep 2005 12:48:38 -0400
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Jim Hyslop wrote:

> The malicious attacker wants to be the wolf in the story of the boy
> who cried wolf.
>
> Again, I'm not sure if these attacks can be easily prevented, but it
> may be worth noting them so inexperienced CVS administrators (of which
> we see a lot - "HELP! I got tossed into this job, how do I {...}")
> know how to respond.


This might also be useful in the FAQ, under "common error messages".  It
seems to me your fish-out-of-water admins often haven't read the manual
yet when they approach the mailing list anyhow.  :)

> I would suspect that the overhead of ASCII-armouring would be fairly
> small compared to the overhead of verifying the signature. By the way,
> has anyone attempted to project or guess at the overhead adding the
> basic signing will add?


Well, from what I've seen, ASCII armor looks to quadruple or so the
space required to store a signature, off the top of my head.  It also
means more complicated command-line templates.  I really don't want to
do this without sufficient justification and I'm not sure I see passing
huge sigs on the loginfo command line as justification.  If anyone wants
to write the hook later, perhaps a %S could be added to the %{sSvVt}
loginfo/commitinfo paramaters, where %S is a path to a sigfile.

As for overhead involved in actually exec'ing GPG, once per committed
file, it only runs on the client, so I don't think it will be a big
deal.  The server only needs to store the new info in the RCS file and
send it to clients.  On rare ocasions it may have to parse some metadata
out of the signatues.  Shouldn't be too much work for the server.

Regards,

Derek

-- 
Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125
<mailto:address@hidden>






reply via email to

[Prev in Thread] Current Thread [Next in Thread]