[21:40] <danderson> inserting an extra diff stream would make the svndiff library go "huh?" when trying to apply diffs of later revisions, because of new offsets etc. [21:41] <danderson> It's certainly not impossible to write a tool that "redeltifies" the whole repository for you [21:41] <danderson> updating offsets and such in later revs [21:41] <danderson> but it'd be horribly difficult imho [21:41] <toad_> but that would cause issues on an update? [21:41] <danderson> that would at least cause the svn server to tell the client his working copy is corrupt [21:42] <toad_> right [21:42] <danderson> because what the client sees as r100 is not what the server sees as r100 [21:42] <toad_> cool [21:42] <toad_> okay, i think we'll go and implement our new repository now :) [21:42] <danderson> :-) [21:42] <nextgens> :) [21:42] <toad_> thanks danderson [21:42] <danderson> toad_: in that case, Welcome to Subversion! [21:43] <toad_> :) [21:42] <danderson> toad_: in that case, Welcome to Subversion! [21:43] <toad_> :) [21:43] <nextgens> toad_: how many commits do you think we had on CVS ? [21:44] <toad_> nextgens: about 9000 changesets in the cvs2svn import iirc [21:44] <nextgens> I mean how many subversion's rev. would it do ? [21:44] <danderson> toad_: if you'd like, I'll ping the other devs to get a more complete explanation of how an attacker could slip in things unnoticed [21:44] <danderson> there are several who are uber experts at all the relevant bits of the code [21:44] <toad_> danderson: that might be interesting [21:44] <danderson> (svndiff streams, checksumming and integrity checks)
On Sat, Oct 08, 2005 at 09:40:48PM +0100, Matthew Toseland wrote: > An interesting point from a friend on IRC: > [21:36] <danderson> well, first of all, you know that in Subversion > revision numbers are repository-global > [21:36] <danderson> so any commit bumps the whole repository rev by 1 > [21:37] <danderson> so even if somehow one mail doesn't go out > [21:37] <danderson> the next mail to get out will have a rev that is +2 > compared to the last mail > [21:37] <danderson> instead of +1 > [21:37] <danderson> so you'd detect holes quite fast that way > [21:38] <danderson> furthermore, you can query the repository for the > last revision it has > [21:38] <toad_> okay, and slipping one in would be quite difficult... > [21:38] <danderson> toad_: try impossible. > [21:38] <danderson> a missing revnum is just about the biggest integrity > failure in the repository > [21:38] <toad_> danderson: why impossible? > [21:38] <toad_> well yeah but can't he coalesce his change with somebody > else's? > [21:39] <danderson> well, that's not insertion, that's alteration > [21:39] <toad_> ... while that's possible, it would be very obvious to > somebody checking the changelog > [21:39] <toad_> cool > [21:39] <danderson> and he *could*, but he'd need to insert a svndiff > stream that is both compatible with previous diff streams, AND doesn't > break the diff streams of followup commits > [21:40] <toad_> i'll send an email out with part of this conversation, > suggesting that somebody write such a tool > [21:40] <danderson> I'm certainly not intimate with the svndiff system, > but I'd wager it'd be difficult > > On Sat, Oct 08, 2005 at 09:36:14PM +0100, Matthew Toseland wrote: > > If somebody compromizes the Subversion (or CVS) repository, they can > > potentially do commits without them going to the commit list, and > > therefore introduce evil code. Hopefully this will be picked up, but > > Freenet is quite large. If you want a non-java task to increase > > freenet's security, I suggest a script that can cross-reference the CVS > > list emails with the actual log from SVN/CVS, and flags up any > > discrepancies. If such a thing already exists, I'd be very interested; > > if it does not, some perl hacker who can't be bothered to learn java > > could write it. > -- > Matthew J Toseland - [EMAIL PROTECTED] > Freenet Project Official Codemonkey - http://freenetproject.org/ > ICTHUS - Nothing is impossible. Our Boss says so. > _______________________________________________ > Tech mailing list > Tech@freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/tech -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so.
signature.asc
Description: Digital signature
_______________________________________________ chat mailing list chat@freenetproject.org Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/chat Or mailto:[EMAIL PROTECTED]
