Posted Mar 7, 2012 10:34 UTC (Wed) by slashdot (guest, #22014)
Parent article: Github compromised
If a git repository is compromised, developers would notice on the next access, obviously, so it's not really an issue for actively developed projects.
Unless the git server has actually been replaced with one that serves the proper content to the developers, and malicious content to end-users, but this cannot be achieved with just database modification.
Posted Mar 7, 2012 11:29 UTC (Wed) by job (guest, #670)
Not necessarily. He could attach his PGP key to any project in the system. If the key was made to look more like a trusted contributor, a malevolent commit could easily have gone undetected.
Not a big deal
Posted Mar 7, 2012 19:12 UTC (Wed) by Tobu (subscriber, #24111)
An extra commit at a busy time could easily be overlooked. But that isn't a certainty, so maybe someone would look for something else before tipping their hand, or would only do it if it's worth it (e.g. to escalate by putting a more general-purpose backdoor in github, which is self-hosted).
Not a big deal
Posted Mar 7, 2012 20:34 UTC (Wed) by dlang (✭ supporter ✭, #313)
It would be noticed, because the next time that the developer attempted to update the repository, he would get an error message saying that the repository wasn't what was expected.
Since that error doesn't happen under normal conditions, it takes more than just being busy to hide this.
Not a big deal
Posted Mar 7, 2012 22:25 UTC (Wed) by Tobu (subscriber, #24111)
On a single-developer repo maybe, but on a collaborative project I pull/rebase things without paying much attention.
Not a big deal
Posted Mar 7, 2012 22:32 UTC (Wed) by Tobu (subscriber, #24111)
And by collaborative I mean the centralised workflow where multiple people have commit rights and are actively using them. A semi-centralised workflow where multiple people are doing merges is also vulnerable.
Not a big deal
Posted Mar 8, 2012 9:45 UTC (Thu) by job (guest, #670)
You seem to think the only way to compromise hosted git trees is by manipulating the git tree from the file system. But what he would likely do is add himself to the Rails committers and do a legitimate commit. He needn't do it under his own name of course.
So, yes, this is a big deal. And it might not be such a good idea to trust a large unwieldy web application with your access keys. It might also not be such a good idea to write large web frameworks which by default give anyone write access to your database fields unless explicitly told otherwise.
Not a big deal
Posted Mar 9, 2012 18:55 UTC (Fri) by dlang (✭ supporter ✭, #313)
Unless you have multiple people pushing updates without much coordination with each other, it doesn't matter how the changes happen to the repo; the maintainer of that repo will be notified that it's not in the expected state the next time he tries to do a push to that repo.
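As an added example, not part of this LWN thread or of any project mentioned in it: a throwaway shell sandbox that reproduces the two mechanisms argued about above, the push rejection dlang describes and the silent pull Tobu describes, and shows the review step that actually surfaces a commit someone pushed under a plausible name. All repository paths and e-mail addresses are constructed.

```shell
#!/bin/sh
# Added example (constructed sandbox, not from the thread). A commit pushed to
# the shared ("hosted") repository by someone with commit rights makes the next
# developer *push* fail as non-fast-forward, but a routine *pull* merges it
# without complaint. Listing the incoming commits before merging is the check
# that catches it on a busy, multi-committer project.
set -e

# setup_sandbox DIR: bare hosted repo, a developer clone, and one injected commit.
setup_sandbox() {
    dir=$1
    rm -rf "$dir"; mkdir -p "$dir"
    git -c init.defaultBranch=master init -q --bare "$dir/hosted.git"
    git --git-dir="$dir/hosted.git" symbolic-ref HEAD refs/heads/master
    git -c init.defaultBranch=master clone -q "$dir/hosted.git" "$dir/dev" 2>/dev/null
    ( cd "$dir/dev" \
      && git -c user.name=dev -c user.email=dev@example.invalid commit -q --allow-empty -m "legit work" \
      && git push -q origin HEAD:refs/heads/master 2>/dev/null )
    # Someone with commit rights pushes under a name chosen to look like a regular contributor.
    git -c init.defaultBranch=master clone -q "$dir/hosted.git" "$dir/other" 2>/dev/null
    ( cd "$dir/other" \
      && git -c user.name="Trusted Contributor" -c user.email=trusted@example.invalid \
             commit -q --allow-empty -m "minor cleanup" \
      && git push -q origin HEAD:refs/heads/master 2>/dev/null )
}

# push_result DIR: the developer commits locally and pushes; prints "rejected" or "accepted".
push_result() {
    ( cd "$1/dev" \
      && git -c user.name=dev -c user.email=dev@example.invalid commit -q --allow-empty -m "more work" \
      && if git push -q origin master >/dev/null 2>&1; then echo accepted; else echo rejected; fi )
}

# incoming_authors DIR: the review step; prints author e-mails of commits not yet merged locally.
incoming_authors() {
    ( cd "$1/dev" && git fetch -q origin master 2>/dev/null && git log --format=%ae HEAD..FETCH_HEAD )
}

# pull_then_check DIR: an inattentive pull; prints "merged" once the foreign commit is in HEAD's history.
pull_then_check() {
    ( cd "$1/dev" \
      && git -c user.name=dev -c user.email=dev@example.invalid -c pull.rebase=false \
             pull -q --no-edit origin master >/dev/null 2>&1 \
      && git merge-base --is-ancestor FETCH_HEAD HEAD && echo merged )
}

# Usage: setup_sandbox /tmp/gitsb; push_result /tmp/gitsb; incoming_authors /tmp/gitsb; pull_then_check /tmp/gitsb
```

Run it with a scratch directory; the push is rejected, `incoming_authors` lists the unfamiliar address, and the pull merges the commit anyway.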