From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id F1B341396D0 for ; Sat, 19 Aug 2017 22:01:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B479AE0E08; Sat, 19 Aug 2017 22:01:22 +0000 (UTC) Received: from blaine.gmane.org (unknown [195.159.176.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 5688DE0DA7 for ; Sat, 19 Aug 2017 22:01:22 +0000 (UTC) Received: from list by blaine.gmane.org with local (Exim 4.84_2) (envelope-from ) id 1djBns-0005yA-R3 for gentoo-dev@lists.gentoo.org; Sun, 20 Aug 2017 00:01:12 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-dev@lists.gentoo.org From: Duncan <1i5t5.duncan@cox.net> Subject: [gentoo-dev] Re: [PATCH 2/2] git-r3.eclass: Explicitly warn about unsecure protocols Date: Sat, 19 Aug 2017 22:01:00 +0000 (UTC) Message-ID: References: <20170819082502.27716-1-mgorny@gentoo.org> <20170819082502.27716-2-mgorny@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@blaine.gmane.org User-Agent: Pan/0.143 (Quaint little villages here and there; 720a1c5b3) X-Archives-Salt: 7bfbd96b-f602-4f94-be61-7e7168a70276 X-Archives-Hash: ea96da8b8c1fe286b1e924558405063a Michał Górny posted on Sat, 19 Aug 2017 10:25:02 +0200 as excerpted: > Explicitly warn about any URI that uses an unsecure protocol (git, http) > even if it's a fallback URI. This is necessary because an attacker may > block HTTPS connections, effectively forcing the fallback to > the unsecure protocol. Thanks for this pair of patches. One minor correction, below. > eclass/git-r3.eclass | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass > index 42b586811368..1eb0baedc67f 100644 > --- a/eclass/git-r3.eclass > +++ b/eclass/git-r3.eclass > @@ -570,6 +570,15 @@ git-r3_fetch() { > > [[ ${repos[@]} ]] || die "No URI provided and EGIT_REPO_URI unset" > > + local r > + for r in "${repos[@]}"; do > + if [[ ${r} == git:* || ${r} == http:* ]]; then > + ewarn "git-r3: ${r%%:*} protocol in unsafe and may be subject to MITM attacks" s/in unsafe/is unsafe/ (Tho I can imagine a point at which "unsafe" becomes a list/array, defined at the top of the function along with the other defines, or in a new git-r3_check_unsafe function, at which point "in unsafe" could make sense. But that's not the structure here.) > + ewarn "(even if used only as fallback). Please use https instead." > + ewarn "[URI: ${r}]" > + fi > + done > + > local -x GIT_DIR > _git-r3_set_gitdir "${repos[0]}" > > @@ -582,7 +591,7 @@ git-r3_fetch() { > fi > > # try to fetch from the remote > - local r success saved_umask > + local success saved_umask > if [[ ${EVCS_UMASK} ]]; then > saved_umask=$(umask) > umask "${EVCS_UMASK}" || die "Bad options to umask: ${EVCS_UMASK}" -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman