It's very true that you are running software that could very well have backdoors (who isn't – has anyone reviewed all of GNU/Linux personally?). It's still kind of sketchy for the sysadmin to ask you to turn of cert checking, but probably fine. After all, the git:// protocol has no security at all and we use that by default. But some security does come from the use of SHA1 for content addressing in git itself – in order to inject code into a git repository and have the hash come out right, you'd need to fabricate some SHA1 collisions, which is tough. So yeah, probably fine, but maybe not a great longer-term solution?
On Fri, Aug 1, 2014 at 7:54 AM, Florian Oswald <[email protected]> wrote: > ok, thanks Ivar. I am not worried about the sysadmin at all. I would have > been worried if the system is shut down by an attack that enters through my > door, but I was advised to turn SSL checking off anyway. I agree that there > seems little to gain from attacking a facility like that (pure research > a.k.a. random guys software doing fun things :-) ). > thanks for chipping in gael as well - it's beyond me judging those things, > so good to hear from you guys. > > florian > > > On 1 August 2014 12:34, Ivar Nesje <[email protected]> wrote: > >> You are at a security level where it is acceptable to use random guys >> software downloaded from the internet, that explicitly says in the licence >> that you are offered NO guarantees for anything. The software is so complex >> that it is impossible for you to review even a fraction of it for security >> (or else you would have reported numerous bug reports when you discovered >> unrelated things along the way). Stefan and Jeff seems to be following code >> updates in the Julia repository closely, but I don't know how many others >> review every commit. They have also given away Push access to lots of >> random people, some whom he has never even met in person. >> >> I would not worry too much about the possibility that your sysadmin might >> change something that might compromise your system. He has access anyway. >> Large scale attackers (at the ISP layer) will probably attack protocols >> that are more used than git over https with a fake certificate. They will >> not know who verifies signatures and who does not. >> >> Ivar >> >> kl. 12:45:48 UTC+2 fredag 1. august 2014 skrev Florian Oswald følgende: >>> >>> that does sound worrying. I doubt the admin wants to know what I'm >>> downloading but rather get (temporarily) rid of a problem. Does that >>> compromise the security of the hpc system or does it mean someone could >>> hack my github account? >>> >>> >>> On 1 August 2014 08:02, <[email protected]> wrote: >>> >>>> Sounds like a bad idea. If the SSL cert is not correct in your >>>> configuration (whereas it is in the outside world) it becomes clear that >>>> your admin just want to know what you are downloading. >>>> >>>> Basically, he told you "Please let us perform MITM attack on your >>>> connexion. To make our job easier, please desactivate all the SSL checks so >>>> that our cert (and maybe others) are accepted". >>>> >>>> The extra downside is that now anyone can alter the data you are >>>> downloading and you won't have the slightest idea this is happening (if >>>> that happens). >>>> >>> >>> >
