* Brad Roberts <[EMAIL PROTECTED]> wrote:
> While I agree that a hash collision is bad and certainly worth
> preventing during new object creation, for it to actually implant a
> trojan in a build successfully it'd have to meet even more criteria
> than you've layed out. It'd have to...
> - provide all the public symbols the shadowed object provided so that it
> would still build and link successfully
that's not a problem. Most modules dont provide public symbols.
Especially not drivers. Generally it's the modules that _dont_ have any
global impact that get reviewed less stringently - an attacker would
thus choose them for psychological reasons anyway.
> - be shadowing an object that's part of an active tree
>
> Shadowing an object that's not part of the working tree means
> something on another branch or obsoleted some time in the past is
> still db corruption, but not nearly as big an issue from a trojan
> standpoint.
it's not DB corruption, it's a feature of GIT: it's a content _cache_,
new and old alike. Nothing in GIT says that old objects in the
repository (which are still very much part of history) cannot be revived
in newer trees. (in fact it regularly happens - e.g. if a fix is undone
manually.)
Ingo
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
