[darcs-users] Security

Peter Busser busser at m-privacy.de
Mon Dec 27 15:34:34 UTC 2004


On Monday 27 December 2004 15:41, you wrote:
> 2004-12-27T09:50:23 Peter Busser:
> > We've seen people trying to introduce trojan horses in the
> > repositories of various projects, like the Linux kernel CVS copy.
> That "we've seen" them is testimony to the fact that the tooling
> surrounding the major repos defies such efforts pretty well:-).

That is a too optimistic view: They have been *detected*, but not prevented by 
these tools. Nor have the tools themselves detected these tampering, it was 
humans who figured it out AFAIK.

> Fundamentally, if someone can use an unrelated hole to break in to a
> master repo server, game's over, they can hand-edit the repo to
> slide their trojan in no matter what. But as long as they have to
> try and slip their mods in through the normal flow of the code mgmt
> system, I think darcs's design may make it as robust as any and more
> so than most at giving maintainers good odds of catching sneaky
> stuff before it gets published.

That is true for situations where there is no additional security provided to 
protect the repository. If you would have e.g. GnuPG signed files, then you 
would not just have to hack the machine, but also have to somehow get the 
private key used + passphrase. This would make silently introducing trojans 
harder to do and easier to detect.

Groetjes,
Peter.




More information about the darcs-users mailing list