List for cgit developers and users
 help / color / mirror / Atom feed
* Killing plaintext git:// in favor of https:// cloning
@ 2016-02-22 18:16 Jason
  2016-02-22 18:22 ` Jason
                   ` (4 more replies)
  0 siblings, 5 replies; 18+ messages in thread
From: Jason @ 2016-02-22 18:16 UTC (permalink / raw)


Hello projects-with-mailing-lists,

Now that git.zx2c4.com runs over HTTPS, I'm considering getting rid of
the plaintext git:// endpoint for cloning.

This means:

git clone git://git.zx2c4.com/cgit
-->
git clone https://git.zx2c4.com/cgit

git clone git://git.zx2c4.com/password-store
-->
git clone https://git.zx2c4.com/password-store


Does anybody have any objections or comments?

Thanks,
Jason


^ permalink raw reply	[flat|nested] 18+ messages in thread
* Killing plaintext git:// in favor of https:// cloning
@ 2016-02-22 19:50 jea-signup-cgit
  2016-02-22 19:57 ` webmaster
  2016-02-22 19:59 ` mailings
  0 siblings, 2 replies; 18+ messages in thread
From: jea-signup-cgit @ 2016-02-22 19:50 UTC (permalink / raw)



On 22/02/16 19:16, Jason A. Donenfeld wrote:

>> Now that git.zx2c4.com runs over HTTPS, I'm considering getting rid of
>> the plaintext git:// endpoint for cloning.

Ferry Huberts Proclaimed Thus: 

>Yes, why?
>What's the point?
>
>The repos are public, so cloning them over https bring nothing, except 
>extra overhead and server load.

While pretty unlikely, in theory someone could MITM a git:// clone and
send the user a hax0red branch of cgit with integrated botnet which
the user then compiles and installs on their server.

Not sure if the extra server load is worth it to defend against this
case or not.  (Also, presumably the server is using the cgit smart http
endpoint so https clone is not much additional DATA, just the ssl
handshake; but definitely additional cpu for crypto operations.)

Thanks
-Joe


^ permalink raw reply	[flat|nested] 18+ messages in thread
* Killing plaintext git:// in favor of https:// cloning
@ 2016-02-22 20:43 jea-signup-cgit
  2016-02-23  5:05 ` Jason
  0 siblings, 1 reply; 18+ messages in thread
From: jea-signup-cgit @ 2016-02-22 20:43 UTC (permalink / raw)



"Eclipse Webmaster (Denis Roy)" Proclaimed Thus: 

>Everything is possible "in theory" ... But folks really need to stop 
>thinking that https is the impenetrable solution to everything.

HTTPS is definitely not the impenetrable solution to everything, but
there's no question it makes things *harder* for an attacker.

But as everyone else points out, this is a relatively unlikely attack;
there are almost certainly easier vectors of attack.  

(Also it was mentioned this would only work for people making a fresh
clone; anyone with an existing clone would almost certainly know
something was up.)

Something to keep in mind is that the https endpoint is already up, so
anyone who is actually concerned about this sort of attack can just
use https if they would like to, even if the git:// protocol stays open.

Also there is the issue of the book reference, which is hard to
change.  Though, for this, you could just have a dummy server which
redirects people, something which is essentially:

nc -l -p 9418 -c "echo -n 002AERR please use https://foo.bar/foo.git"

Cloning from that "git server" results in:

fatal: remote error: please use https://foo.bar/foo.git

(Of course, someone could still MITM *that*.  The returns from doing
so as an attacker are vanishingly small at that point.)

Thanks
-Joe


^ permalink raw reply	[flat|nested] 18+ messages in thread

end of thread, other threads:[~2016-02-25 17:21 UTC | newest]

Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-02-22 18:16 Killing plaintext git:// in favor of https:// cloning Jason
2016-02-22 18:22 ` Jason
2016-02-22 19:18 ` mailings
2016-02-22 19:56   ` Jason
2016-02-23  1:19 ` normalperson
2016-02-23  1:28   ` Jason
2016-02-23  5:08   ` Jason
2016-02-23  6:21     ` normalperson
     [not found]     ` <CANyOob14C3cZuwkQBpEv=Tr==KY=oULyUg7NX3B6vb8mfRkgDg@mail.gmail.com>
2016-02-23 14:03       ` [pass] " Jason
     [not found]         ` <CANyOob1KEfFd5-e5e9ETauvmakEiK7pU5083-7t8CzTW5-QrKQ@mail.gmail.com>
2016-02-23 14:34           ` Jason
2016-02-24 19:00 ` hacking
2016-02-25 17:21 ` Jason
2016-02-22 19:50 jea-signup-cgit
2016-02-22 19:57 ` webmaster
2016-02-23  5:02   ` Jason
2016-02-22 19:59 ` mailings
2016-02-22 20:43 jea-signup-cgit
2016-02-23  5:05 ` Jason

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).