security - Use git to secure web project directories -
i working on cms project set on insecure server numerous other projects out of control.
recently js files have been placed, replaced , edited adding malicious code unknown attackers through unknown vector. - hoster refused see problem or help finding loophole. client refused alter hoster or upgrade total blown root server harden myself.(sigh) secure project thought of making publicly accessible directories git monitored notified of changes via hook , repair whole thing simple reset.
question: there reason should not this? might open new security issues don't see now?
you shouldn't utilize such servers. if can alter files on file system, might alter configuration of web- or application server or executables git. if scheme corrupted in such way, cannot trust output of git.
in general git can check integrity of repository (see git fsck). furthermore can show differences between working directory , index (see git status). pitfalls: attacker can create local commits. in case fsck passes , output of git status empty. hence have verify still have same ref.
if have ignored directories or files atttacker might utilize them inject code in application. illustration web frameworks ruby on rails have own tmp directory , utilize cache responses. directory ignored , hence git doesn't care if manipulates these files.
depending on webservers configuration simple git clone your_repo in webroot might publish content of .git directory. in case have published source , finish history (a clone of repository contains whole history including author names , email addresses).
ofcourse shouldn't give user write permissions on repository cloned from. otherwise attacker might force local commits repository. might hard observe such commits, because might utilize email addresses, name , commit messages history. can avoided using signed commits , checking them.
if aware of these pitfalls, git assures integrity of source code expect. doesn't monitor state, doesn't actively tell if changed. if checkout , go away, git doesn't prevent else changing files. can come , see changes , maybe revert them.
git security content-management-system
No comments:
Post a Comment