Killing plaintext git:// in favor of https:// cloning

Joe Anakata jea-signup-cgit at anakata.org
Mon Feb 22 21:43:09 CET 2016


"Eclipse Webmaster (Denis Roy)" Proclaimed Thus: 

>Everything is possible "in theory" ... But folks really need to stop 
>thinking that https is the impenetrable solution to everything.

HTTPS is definitely not the impenetrable solution to everything, but
there's no question it makes things *harder* for an attacker.

But as everyone else points out, this is a relatively unlikely attack;
there are almost certainly easier vectors of attack.  

(Also it was mentioned this would only work for people making a fresh
clone; anyone with an existing clone would almost certainly know
something was up.)

Something to keep in mind is that the https endpoint is already up, so
anyone who is actually concerned about this sort of attack can just
use https if they would like to, even if the git:// protocol stays open.

Also there is the issue of the book reference, which is hard to
change.  Though, for this, you could just have a dummy server which
redirects people, something which is essentially:

nc -l -p 9418 -c "echo -n 002AERR please use https://foo.bar/foo.git"

Cloning from that "git server" results in:

fatal: remote error: please use https://foo.bar/foo.git

(Of course, someone could still MITM *that*.  The returns from doing
so as an attacker are vanishingly small at that point.)

Thanks
-Joe


More information about the CGit mailing list