Comments (8)
One possible security impact scenario is the following:
Alice and Bob share a repository. Alice uploads evil.exe, a malicious file.
Alice has used a vulnerability in the md5 checksum and designed the file so
that its checksum is identical to the checksum of dostuff.exe, a well-known
useful program.
Bob uploads his dostuff.exe. However, since it has the same checksum as the
existing evil.exe, it is not actually uploaded. Boar notices (wrongly) that it
already has this file in the repo and uses that copy instead.
Some time later, Bob downloads his dostuff.exe file again. However, instead he
receives the evil.exe that Alice uploaded earlier. When he executes the
program, bad things will happen.
Original comment by [email protected]
on 2 Sep 2011 at 8:33
from boar.
Fixed in changeset 5518090482c9. All files now have a corresponding sha256
checksum that ensures that no collisions can go undetected.
Original comment by [email protected]
on 25 Sep 2011 at 9:17
- Changed state: Verified
from boar.
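The collision check described in the comment above, as an added example that is not boar's own code: a store that deduplicates on a weak hash and keeps a SHA-256 of each blob as a cross-check. The names `BlobStore`, `weak_key`, `CollisionError` and `find_colliding_pair` are hypothetical, and the dedup hash is MD5 truncated to 12 bits (an assumption made so that a constructed colliding pair can be found in a few iterations).

```python
import hashlib
from itertools import count


def weak_key(data: bytes) -> str:
    """Stand-in for a broken dedup hash: MD5 truncated to 12 bits (assumption)."""
    return hashlib.md5(data).hexdigest()[:3]


class CollisionError(Exception):
    """Two different contents map to the same dedup key."""


class BlobStore:
    """Store keyed by a dedup hash, with an optional SHA-256 cross-check."""

    def __init__(self, key_fn=weak_key, verify=True):
        self.key_fn = key_fn
        self.verify = verify
        self.blobs = {}    # dedup key -> stored bytes
        self.sha256 = {}   # dedup key -> SHA-256 hex digest of stored bytes

    def put(self, data: bytes) -> str:
        key = self.key_fn(data)
        digest = hashlib.sha256(data).hexdigest()
        if key in self.blobs:
            # Same key already present: only a true duplicate may be skipped.
            if self.verify and self.sha256[key] != digest:
                raise CollisionError(f"key {key} already maps to different content")
            return key
        self.blobs[key] = data
        self.sha256[key] = digest
        return key

    def get(self, key: str) -> bytes:
        return self.blobs[key]


def find_colliding_pair(prefix: bytes = b"constructed-sample-"):
    """Constructed sample data: two different inputs with the same weak key."""
    seen = {}
    for i in count():
        data = prefix + str(i).encode()
        key = weak_key(data)
        if key in seen:
            return seen[key], data
        seen[key] = data
```

With `verify=False` the second upload is silently treated as a duplicate and a later `get` returns the first uploader's bytes; with the cross-check enabled the same upload raises `CollisionError`.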
Reopening the issue. As it turns out, the implemented solution is too slow. A
verification on a repository will take about twice as long with md5 collision
detection enabled (due to the verification of the sha256 database). I had hoped
to mitigate this slowdown by using python multiprocessing features, but while
that works well on Linux, I have not succeeded in making it work on Windows.
Due to md5 collision detection being a somewhat niche feature, I'm going to
disable that feature for the next release so as not to make boar slower for the
current boar user base.
Original comment by [email protected]
on 8 Nov 2011 at 11:45
- Changed state: Accepted
from boar.
Issue 80 has been merged into this issue.
Original comment by [email protected]
on 12 Aug 2012 at 7:29
from boar.
One way to handle this is to store the first 8 bytes of the file as well and
check against that as well as the md5; this makes it nearly impossible to have
a collision even on purpose.
Original comment by [email protected]
on 21 Sep 2012 at 6:12
from boar.
In response to comment 5: Do you have a reference for your statement? I've
always assumed that md5 simply is inherently unsafe. If that can be mitigated
with a simple check of the first part of the contents, that would certainly
make things easier.
Original comment by [email protected]
on 22 Sep 2012 at 8:15
from boar.
Astronomical or not -- I'm slightly paranoid about it. Does it have to be
SHA256 to detect md5 collisions or might something fast like the SpookyHash
SnapRaid uses be an option as well?
Original comment by [email protected]
on 25 Dec 2013 at 1:16
from boar.
Or maybe this:
https://github.com/SaberParker/xxHash-Python
https://code.google.com/p/xxhash/
Original comment by [email protected]
on 25 Dec 2013 at 1:25
from boar.