List Archive: gentoo-scm
On Sat, Sep 03, 2011 at 01:41:09AM +0300, Alexey Shvetsov wrote:
> Hi all!
>
> Seems rsbac is alive again and its people created a repo with git gpg
> related things [1]
>
> [1] http://git.rsbac.org/cgi-bin/gitweb.cgi?p=git-gpg.git;a=summary
A strongly related discussion was had on IRC last night, and I see that
this RSBAC project falls vulnerable to the exact same attack that I
described.
I'll include it here for good measure.
1. Many months before the visible part of the attack, the attacker
   constructs a preimage attack, probably in some file that includes
   binary junk padding.
   1.1. The pre-image attack has:
        M  = malicious code
        S  = safe code
        P1 = padding #1
        P2 = padding #2
        SHA1(M | P1) == SHA1(S | P2).
        (M | P1) and (S | P2) are used as blobs.
   1.2. The attacker controls all 4 parts; pre-image attacks against SHA1
        have been well-described in papers since 2006.
2. Attacker compromises the Git service.
   2.1. Getting into the system.
   2.2. Replace the safe blob with the malicious blob.
3. Profit.
The above attack will NOT be detected by the RSBAC commit signing.
--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
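As an added illustration (not part of this thread, and not code from the RSBAC git-gpg project), the Python below shows why the commit signature cannot see the blob swap: a git tree object carries only each blob's 20-byte SHA-1, so a blob with a colliding id leaves the tree id, the commit id and the signature unchanged. The SHA-256 side manifest is an assumed mitigation (recorded outside the SHA-1 chain at signing time), and the sample tree contents are constructed; a real SHA-1 collision is not built here, so the substituted tree also changes its git id, which the manifest check does not rely on.

```python
import hashlib

def git_blob_id(content):
    """SHA-1 object id of a blob, computed exactly as git does."""
    return hashlib.sha1(b"blob %d\0" % len(content) + content).hexdigest()

def git_tree_id(entries):
    """Object id of a flat tree of regular files ({name: content}).
    The tree body holds only mode, name and each blob's 20-byte SHA-1,
    so two blobs with colliding SHA-1s give the same tree id, the same
    commit id, and therefore the same signed commit."""
    body = b"".join(
        b"100644 " + name.encode() + b"\0" + bytes.fromhex(git_blob_id(data))
        for name, data in sorted(entries.items())
    )
    return hashlib.sha1(b"tree %d\0" % len(body) + body).hexdigest()

def side_manifest(entries):
    """Assumed mitigation: an independent SHA-256 of every blob's content,
    recorded when the commit is signed and kept outside the SHA-1 chain."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in entries.items()}

def verify_against_manifest(entries, manifest):
    """Return the sorted names whose current content does not match the
    manifest: replaced blobs, missing files and added files alike."""
    mismatched = []
    for name in sorted(set(entries) | set(manifest)):
        data = entries.get(name)
        actual = hashlib.sha256(data).hexdigest() if data is not None else None
        if actual != manifest.get(name):
            mismatched.append(name)
    return mismatched

# Constructed sample tree (flat, regular files only). In the attack on the
# list, the "safe" blob S | P2 and the malicious blob M | P1 share a SHA-1;
# no real collision is built here, so the swapped tree also differs in its
# git id, but the manifest check never depends on that.
SAFE_TREE = {"main.c": b"int main(void) { return 0; }\n", "README": b"safe\n"}
SUBSTITUTED_TREE = dict(SAFE_TREE, **{"main.c": b"int main(void) { return 1; }\n"})

if __name__ == "__main__":
    manifest = side_manifest(SAFE_TREE)
    print("tree id bound by the commit signature:", git_tree_id(SAFE_TREE))
    print("mismatches, untouched tree:", verify_against_manifest(SAFE_TREE, manifest))
    print("mismatches, after blob swap:", verify_against_manifest(SUBSTITUTED_TREE, manifest))
```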