>> ... it's possible to introduce unwanted contents (and random
>> control artifacts) ...

I can foresee another attack that could be used to inject malicious
control artifacts into the repository (depending on the bundle
implementation). The attacker creates a delta control artifact
referencing an as-yet unpublished innocuous artifact. Once that has been
inserted, they later submit that artifact as well (which resolves the
delta, and makes the malicious control artifact available). The way to
prevent this would be to reject any unresolved deltas when importing a
bundle.

In general, I think `bundle import` should allow only:

- manifests
- regular files referenced by in-bundle manifests
- control artifacts referencing in-bundle manifests

My comments about `bundle import` also apply to any new "pull
request"-like feature.

Regards,
Eduard
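
The import policy proposed in the message above, sketched as an added example (not part of the original post and not Fossil's own code). The `Artifact` model, `resolvable`, `check_bundle` and the sample ids are hypothetical, and a delta whose base is already in the repository is assumed to count as resolved.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Artifact:                        # hypothetical model, not Fossil's bundle format
    uuid: str                          # constructed short id, not a real hash
    kind: Optional[str]                # "manifest", "file", "control"; None if content unknown
    delta_base: Optional[str] = None   # id this artifact is stored as a delta against
    refs: tuple = ()                   # manifest: its files; control: its target artifacts

def resolvable(a, by_id, repo_ids, seen=frozenset()):
    """True if the delta chain ends in full content available at import time."""
    if a.uuid in seen:
        return False                   # delta cycle
    if a.delta_base is None or a.delta_base in repo_ids:
        return True                    # assumption: a base already in the repo is resolved
    base = by_id.get(a.delta_base)
    return base is not None and resolvable(base, by_id, repo_ids, seen | {a.uuid})

def check_bundle(bundle, repo_ids):
    """Return {uuid: reason} for every artifact the import should refuse."""
    by_id = {a.uuid: a for a in bundle}
    manifests = {a.uuid for a in bundle if a.kind == "manifest"}
    named_files = {r for a in bundle if a.kind == "manifest" for r in a.refs}
    rejected = {}
    for a in bundle:
        if not resolvable(a, by_id, repo_ids):
            rejected[a.uuid] = "unresolved delta"
        elif a.kind == "manifest":
            continue
        elif a.kind == "file":
            if a.uuid not in named_files:
                rejected[a.uuid] = "file not referenced by an in-bundle manifest"
        elif a.kind == "control":
            if not a.refs or not set(a.refs) <= manifests:
                rejected[a.uuid] = "control artifact targets something outside the bundle"
        else:
            rejected[a.uuid] = "unknown artifact type"
    return rejected

# Constructed sample bundle; "m-old" stands for a manifest that exists only in the repo.
SAMPLE = [
    Artifact("m1", "manifest", refs=("f1",)),
    Artifact("f1", "file"),
    Artifact("f2", "file"),
    Artifact("c1", "control", refs=("m1",)),
    Artifact("c2", "control", refs=("m-old",)),
    Artifact("d1", None, delta_base="x-unpublished"),
]
```

Calling `check_bundle(SAMPLE, repo_ids={"m-old"})` refuses `f2`, `c2` and `d1`; the last is the deferred-delta case, refused because its base is neither in the bundle nor in the repository at import time.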