freebsd-security : Message: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]http://groups.yahoo.com/group/f...
freebsd-security : Message: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]http://groups.yahoo.com/group/f...
freebsd-security : Message: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]http://groups.yahoo.com/group/f...
freebsd-security : Message: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]http://groups.yahoo.com/group/f...
Upcoming SlideShare
Loading in …5
×

Freebsd security - message- free bsd needs git to ensure repo integrity [was- 2012 incident]

719 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
719
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Freebsd security - message- free bsd needs git to ensure repo integrity [was- 2012 incident]

  1. 1. freebsd-security : Message: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]http://groups.yahoo.com/group/freebsd-security/message/28708[6/24/13 9:38:10 AM]freebsd-securityOptionsHomeMessagesAttachmentsMembers OnlyPostFilesPhotosLinksDatabasePollsCalendarPromoteThe Yahoo! GroupsProduct BlogCheck it out!Group InformationMembers: 17Founded: Aug 7, 1998Language: EnglishAlready a member?Sign in to Yahoo!Yahoo! Groups TipsDid you know...Message search is nowenhanced, findmessages faster. Take itfor a spin.MessagesMessage # Search: Advanced Messages HelpTopic List   < Prev Topic  |  Next Topic >FreeBSD needs Git to ensure repo integrity [was: 2012incident] < Prev  Next >Posted By: Sat Nov 17, 2012 8:00 pm  |http://www.freebsd.org/news/2012-compromise.htmlhttp://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-keyThis is not about this incident, but about why major opensourceprojects need to be using a repository that has traceable, verifiable,built-in cryptographic authentication.Any of hundreds of committer and admin accounts could be compromisedwith the attacker silently editing the repo. The same applies toany of those accounts going rogue. Backtrack diffing from a breachto see what changed is not the ideal option. You really need tobe using a strong repo so that any attack on it is null from thestart. Another problem is bit rot wherever it may occur... disk,hardware, the wire, EMP and other systems.As it is now, we have no way to verify that what we get on pressedCDs, ISOs, FTP sites, torrents, etc is strongly linked back tothe original repo. Signing over a hash of the ISO is *not* the sameas including the strong repo hash (commit) that was used to buildthe release and then signing over that and the ISO. We cant knowthat our local repository updates match the master. ports.tar.gzhas no authentication either. Nor does anything in the entire projectthat originates from the current SVN/CVS repo... webpages, docs,tools, source tarballs, etc. The FTP packages arent signed, andthere are weak MD5s used in various parts of the install/packagetools, mirrors, etc. We cant trade hashes amongst people. Its alljust a bunch of random bits that someone may or may not have signedover. And even if signed they still wouldnt be strongly linkedback to the master repo. Having such a disconnect at the root ofeverything you do is simply not good practice these days.And these days, Git is what people and projects are moving to, andits rate of adoption and prevalence have essentially won out overall the rest in the new revision control 2.0 world. And knowingGit is now more or less essential if you want to participate in awide variety of community development, ref: github, etc.The FreeBSD project needs to be providing both itself, and its usersand benefactors with verifiable assurance that its repository, andany copies and derived products, are authentic and intact.Dont argue against such a repository feature, or the cost to move,or bury your head in the sand by saying it could never happen to us...Take this as a real opportunity to lead amongst the major opensourceprojects like Linux, and among the BSDs (like DragonFly has), andmove to Git.Once the root is fixed, you can push out secure distribution andupdate models from there. It all starts at the root and cant bedone without it.https://www.kernel.org/pub/software/scm/git/docs/git-fsck.htmlVerifies the connectivity and validity of the objects in the databasehttp://git-scm.com/about/info-assuranceThe data model that Git uses ensures the cryptographic integrityof every bit of your project. Every file and commit is checksummedand retrieved by its checksum when checked back out. Its impossibleto get anything out of Git other than the exact bits you put in.It is also impossible to change any file, date, commit message,or any other data in a Git repository without changing the IDs ofSettingsInfoNew User? Register Sign In Help Make Y! My Homepage Mail My Y! Yahoo!Search Web Go SearchReplySearch Search Web
  2. 2. freebsd-security : Message: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]http://groups.yahoo.com/group/freebsd-security/message/28708[6/24/13 9:38:10 AM]everything after it. This means that if you have a commit ID, youcan be assured not only that your project is exactly the same aswhen it was committed, but that nothing in its history was changed.https://en.wikipedia.org/wiki/Git_(software)The Git history is stored in such a way that the id of a particularrevision (a "commit" in Git terms) depends upon the completedevelopment history leading up to that commit. Once it is published,it is not possible to change the old versions without it beingnoticed. The structure is similar to a hash tree, but with additionaldata at the nodes as well as the leaves.Some references...http://git-scm.com/https://github.com/http://gitweb.dragonflybsd.org/dragonfly.githttps://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git_______________________________________________freebsd-security@... mailing listhttp://lists.freebsd.org/mailman/listinfo/freebsd-securityTo unsubscribe, send any mail to "freebsd-security-unsubscribe@..."< Prev  Next >Expand Messages Author Sort by DateFreeBSD needs Git to ensure repo integrity [was: 2012incident]http://www.freebsd.org/news/2012-compromise.htmlhttp://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key This...grarpampgrarpamp@...Nov 18, 20121:34 amRe: FreeBSD needs Git to ensure repo integrity[was: 2012 incident]Ð’ Sat, 17 Nov 2012 15:00:06 -0500 ... LOL And how willthis help Linux? http://lwn.net/Articles/457142/_______________________________________________ ...Ivan Klymenkofidaj@...Nov 18, 20121:35 amRe: FreeBSD needs Git to ensure repo integrity[was: 2012 incident][snip] Theres a git repository. Its public. You can look atwhat goes into the FreeBSD git clone to get your assurancethat things arent being snuck in....Adrian Chaddadrian@...Nov 18, 20125:13 amRe: FreeBSD needs Git to ensure repo integrity[was: 2012 incident]... Yup: https://github.com/freebsd/ _______________________________________________freebsd-security@... mailing list ...Robert Simmonsrsimmons0@...Nov 18, 20125:21 amRe: FreeBSD needs Git to ensure repo integrity[was: 2012 incident]Hello, Adrian. You wrote 18 ноÑÐ±Ñ€Ñ 2012 г.,8:55:54: AC> Theres a git repository. Its public. Youcan look at what goes into AC> the FreeBSD git clone...Lev Serebryakovlev@...Nov 18, 201210:45 amRe: FreeBSD needs Git to ensure repo integrity[was: 2012 incident]... Ive always been confused by this. Which source repois the true source of truth? To obtain the FreeBSDsource, you can use CVS, SVN, or Git? Do all have...Zach Lesliexaque208@...Nov 20, 20123:05 amRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... This changed a few months ago when ports anddoc switched. As of now: - SVN is *the* source oftruth. - CVS is exported from svn. It will eventuallygo...Eitan Adlerlists@...Nov 20, 20123:28 amRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... Would it be possible to publish FreeBSDsSubversion repository using HTTPS, instead ofHTTP? -- I FIGHT FOR THE USERS ...xenophon+freebsdxenophon+freebsd@...Nov 20, 20129:55 amRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... I dont know how often they update, but themirrors listed at http://www.freebsd.Gary Palmergpalmer@...Nov 20, 201212:07 pmReply
  3. 3. freebsd-security : Message: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]http://groups.yahoo.com/group/freebsd-security/message/28708[6/24/13 9:38:10 AM]org/doc/handbook/mirrors-svn.html have bothhttp and https available Gary ...Re: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]On 20 November 2012 04:54, xenophon+freebsd ... %svn ls https://svn0.us-west.FreeBSD.org/base/ -- Eitan Adler_______________________________________________ ...Eitan Adlerlists@...Nov 20, 20124:27 pmRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... You will get a certificate warning. Thecertificates used do not appear to be officiallysigned by a recognised CA. The hashes of thecertificate keys...Gary Palmergpalmer@...Nov 20, 20124:31 pmRe: FreeBSD needs Git to ensurerepo integrity [was: 2012 incident]... The certificates are self-signed. Whilstthe hashes are published on the FreeBSDwebsite, that site is only available viaHTTP so theres still a...Peter Jeremypeter@...Nov 21, 20123:20 amRe: FreeBSD needs Git to ensurerepo integrity [was: 2012 incident]... See DANE, RFC 6698. Mark -- MarkAndrews, ISC 1 Seymour St., DundasValley, NSW 2117, Australia PHONE:+61 2 9871 4742 INTERNET:...Mark Andrewsmarka@...Nov 21, 20123:38 amRe: FreeBSD needs Git to ensurerepo integrity [was: 2012 incident]... Which means getting the FreeBSD.orgdomain signed using DNSSEC.Something Id be very happy to see.Cheers, Matthew -- Dr Matthew JSeaman MA, D.Phil. PGP:...Matthew Seamanmatthew@...Nov 21, 201212:17 pmRe: FreeBSD needs Git to ensure repo integrity[was: 2012 incident]... http://mercurial.selenic.com/about/ -- Sphinx of blackquartz, judge my vow. _______________________________________________ freebsd-security@......Volodymyr Kostyrkoc.kworr@...Nov 19, 201212:57 pmRe: FreeBSD needs Git to ensure repo integrity[was: 2012 incident]... Even if it was BSD licensed, Mercurial has a hugedependency: Python; and Git is Perl-based. So neither ofthem is ideal, IMHO. If at all, wed need a lean...C. P. Ghostcpghost@...Nov 19, 20121:29 pmRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... http://mercurial.selenic.com/wiki/Licensehttp://selenic.com/hg/file/tip/COPYINGhttp://mercurial.selenic.com/about/ "Mercurial isfree software licensed...Mehmet Erol Sanliturkm.e.sanliturk@...Nov 19, 20121:29 pmRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]http://www.fossil-scm.org/ Im not fossil user, butits BSD licensed in written in C. Baptise Daroussinprobably could tell us more about fossil pro andcons....Alexander Yerenkowyerenkow@...Nov 19, 20121:58 pmRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... This misses one of of the main points raisedin the original post. The proliferation of git as arevision control system. Also, this particular toolbails...Zach Lesliexaque208@...Nov 20, 20123:08 amRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... I would argue that git bails on that as well,but thats a different discussion. Whether ornot fossil does "one thing" depends on which"one thing" you...Mike Meyermwm@...Nov 20, 201211:48 amRe: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... Look at the internal of fossil and howthings are done in fossil and you wouldunderstand that the last sentence is totallyBaptiste Daroussinbapt@...Nov 21, 20122:17 am
  4. 4. freebsd-security : Message: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]http://groups.yahoo.com/group/freebsd-security/message/28708[6/24/13 9:38:10 AM]wrong. Fossil has really nice...Re: FreeBSD needs Git to ensure repointegrity [was: 2012 incident]... Nope, git is almost all C even though some othertools relying on git are in Perl. ... We dont have svn inbase either. Your point? -- Ollivier ROBERT...Ollivier Robertroberto@...Nov 19, 20121:43 pmRe: FreeBSD needs Git to ensure repo integrity[was: 2012 incident]... http://selenic.com/repo/hg/file/fd903f89e42bhttp://selenic.com/repo/hg/file/fd903f89e42b/COPYING "GNU GENERAL PUBLIC LICENSE ...Mehmet Erol Sanliturkm.e.sanliturk@...Nov 19, 20121:17 pmRe: FreeBSD needs Git to ensure repo integrity... FUD. Committer accounts dont have direct access to therepo. DES -- Dag-Erling Smørgrav - des@..._______________________________________________ ...Dag-Erling Smørgravdes@...Nov 25, 20129:14 pm< Prev Topic  |  Next Topic >Copyright © 2010 Yahoo! Inc. All rights reserved.Privacy Policy - Terms of Service - Guidelines NEW - Help 

×