• kevincox@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    7 hours ago

    I’m a little confused by what this is saying. It seems that you can create a basically identical commit with a different signature and thus a different (hashed) ID.

    So basically you can take a Signature S1 and produce a valid Signature S2 over the same data that is not identical.

    This doesn’t seem like a very useful exploit primitive to me. Not nothing, but doesn’t seem like a big deal. I feel like I am misunderstanding something.

    • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
      link
      fedilink
      arrow-up
      3
      ·
      6 hours ago

      A green “Verified” badge on GitHub is supposed to mean that a trusted author signed it, and its ID is a one of a kind fingerprint for that exact code. Turns out that the second promise of a unique fingerprint does not hold. It matters because security teams and package systems behind tools like Go, Nix, and GitHub Actions trust that ID as a unique handle for code. An attacker can reissue the same signed code under a fresh ID that’s still verified to slip past.

      • kevincox@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        5 hours ago

        I don’t understand. Why does having two commit IDs with the exact same code cause problems.

        A green “Verified” badge on GitHub is supposed to mean that a trusted author signed it

        The author did sign it. It is the exact same code.

        An attacker can reissue the same signed code under a fresh ID that’s still verified to slip past.

        To split past what? At best it seems that they would be able to have a different ID for the exact same code, which seems harmless? Slightly confusing at worst.

        Nix also doesn’t use PGP signatures, it requires a separate hash of the resulting commit (the files with the .git directory stripped by default).

        • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
          link
          fedilink
          arrow-up
          3
          ·
          5 hours ago

          Right, it’s not a serious exploit which would allow changing code, but it does allow compromising integrity because changing the id mutates history.

        • jatone@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          5 hours ago

          sounds like the author thinks because their purist definition is violated its a problem vs it actually being a problem. im in the same boat as you. I dont see the issue with the commit hash changing long as the code doesnt change.