On Mon, Mar 5, 2012 at 18:25, Richard Hipp <d...@sqlite.org> wrote: > On Mon, Mar 5, 2012 at 6:14 PM, Leo Razoumov <slonik...@gmail.com> wrote: >> >> In light of a recent Github compromise https://lwn.net/Articles/485162/ >> I am curious of how one can detect and repair a compromised fossil site?? > > The code that is already checked in is cryptographically secure. Changing > the code is as difficult as a pre-source attack on SHA1: currently > considered to be impossible with existing or foreseeable technology. > > An attacker can add new artifacts, to do things like add new leaf check-ins, > change existing check-in comments or check-in times, or move check-ins to > different branches and whatnot. But those kinds of changes are readily > apparent on the timeline. And they can be undone. >
What happens if an attacker can shun artifacts, rebuild database, edit commit messages, events, tickets, etc? Fossil sync might happily pull compromised items into a local repo. Carefully crafted commit edits might disguise malicious actions. Am I being paranoid:-)? --Leo-- _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users