git-annex/Annex
Joey Hess bd5affa362
use hmac in balanced preferred content
This deals with the possible security problem that someone could make an
unusually low UUID and generate keys that are all constructed to hash to
a number that, mod the number of repositories in the group, == 0.
So balanced preferred content would always put those keys in the
repository with the low UUID as long as the group contains the
number of repositories that the attacker anticipated.
Presumably the attacker then holds the data for ransom? Dunno.

Anyway, the partial solution is to use HMAC (sha256) with all the UUIDs
combined together as the "secret", and the key as the "message". Now any
change in the set of UUIDs in a group will invalidate the attacker's
constructed keys from hashing to anything in particular.

Given that there are plenty of other things someone can do if they can
write to the repository -- including modifying preferred content so only
their repository wants files, and numcopies so other repositories drop
them -- this seems like safeguard enough.

Note that, in balancedPicker, combineduuids is memoized.
2024-08-10 16:32:54 -04:00
AdjustedBranch multiple -m second try 2024-04-09 12:56:47 -04:00
Branch newtype MapLog 2023-11-13 14:37:22 -04:00
Concurrent differentiate between concurrency enabled at command line and by git config 2020-09-16 11:47:12 -04:00
Content disk free checking for unsized keys 2024-01-16 14:29:10 -04:00
Debug implement fastDebug 2021-04-06 15:24:28 -04:00
LockPool avoid annexFileMode special case 2023-04-27 15:58:37 -04:00
MetaData sqlite database for importfeed 2023-10-23 16:46:22 -04:00
SpecialRemote proxied exporttree=yes versionedexport=yes remotes are not untrusted 2024-08-08 15:24:19 -04:00
VectorClock Lower precision of timestamps in git-annex branch 2023-12-11 15:04:06 -04:00
View annex.maxextensions configuration 2024-04-18 14:23:38 -04:00
Action.hs remove dead nodes when loading the cluster log 2024-06-16 14:39:44 -04:00
AdjustedBranch.hs adjust unlocked execute bit handling 2024-05-28 12:39:42 -04:00
AutoMerge.hs push RawFilePath down into Annex.ReplaceFile 2023-10-26 13:36:49 -04:00
Balanced.hs use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
BloomFilter.hs filter out control characters in warning messages 2023-04-10 15:55:44 -04:00
Branch.hs smarter BranchState cache invalidation 2024-07-28 12:33:32 -04:00
BranchState.hs smarter BranchState cache invalidation 2024-07-28 12:33:32 -04:00
CatFile.hs read a consistent amount from pointer file 2022-02-23 12:52:34 -04:00
ChangedRefs.hs Apply codespell -w throughout 2023-03-17 15:14:58 -04:00
CheckAttr.hs config: Added the --show-origin and --for-file options 2023-06-12 16:24:31 -04:00
CheckIgnore.hs move several readonly values to AnnexRead 2022-06-28 15:40:19 -04:00
Cluster.hs clusters need enableInteractiveBranchAccess 2024-07-28 12:39:42 -04:00
Common.hs avoid build warning on windows 2024-03-26 13:16:33 -04:00
Concurrent.hs use ResourcePool for hash-object handles 2022-07-25 17:32:39 -04:00
Content.hs final fix to windows build 2024-07-29 16:32:24 -04:00
CopyFile.hs RawFilePath conversion 2024-01-19 14:26:21 -04:00
CurrentBranch.hs refactor getCurrentBranch 2018-10-19 17:29:18 -04:00
Debug.hs display explanations in --debug too 2023-07-31 13:06:40 -04:00
Difference.hs filter out control characters in warning messages 2023-04-10 15:55:44 -04:00
DirHashes.hs Added http special remote, which is useful for accessing other remotes that publish content stored in them via http/https. 2020-09-01 15:16:35 -04:00
Drop.hs don't count clusters as copies, continued 2024-06-16 15:14:53 -04:00
Environment.hs improve comments 2023-04-04 15:23:39 -04:00
Export.hs rename Git.Filename to Git.Quote 2023-04-12 17:22:03 -04:00
ExternalAddonProcess.hs startExternalAddonProcess add parameters 2024-04-17 13:09:10 -04:00
FileMatcher.hs balanced preferred content and --rebalance 2024-08-09 14:16:09 -04:00
Fixup.hs fix a bug that prevented git-annex init from working in a submodule 2021-01-21 15:33:15 -04:00
GitOverlay.hs filter out control characters in error messages 2023-04-10 13:50:51 -04:00
HashObject.hs use ResourcePool for hash-object handles 2022-07-25 17:32:39 -04:00
Hook.hs filter out control characters in warning messages 2023-04-10 15:55:44 -04:00
Import.hs proxied exporttree=yes versionedexport=yes remotes are not untrusted 2024-08-08 15:24:19 -04:00
Ingest.hs log migration trees to git-annex branch 2023-12-06 15:40:03 -04:00
Init.hs remove dead nodes when loading the cluster log 2024-06-16 14:39:44 -04:00
InodeSentinal.hs fix perms for core.sharedRepository 2023-04-26 16:29:11 -04:00
Journal.hs share single BranchState among all threads 2024-07-28 12:30:27 -04:00
Link.hs fix hang when built with unix-2.8 2023-08-01 20:22:28 -04:00
Locations.hs rename to annexobjects location on unexport 2024-08-04 11:58:07 -04:00
LockFile.hs avoid annexFileMode special case 2023-04-27 15:58:37 -04:00
LockPool.hs update licenses from GPL to AGPL 2019-03-13 15:48:14 -04:00
Magic.hs Serialize use of C magic library, which is not thread safe. 2020-09-17 17:27:42 -04:00
MetaData.hs filter out control characters in warning messages 2023-04-10 15:55:44 -04:00
Multicast.hs use programPath consistently, not readProgramFile 2020-03-30 16:06:27 -04:00
Notification.hs fix build when dbus is enabled 2022-07-05 13:06:45 -04:00
NumCopies.hs toward SafeDropProof expiry checking 2024-07-04 12:39:06 -04:00
Path.hs Propagate --force to git-annex transferrer 2024-07-23 21:16:56 -04:00
Perms.hs avoid annexFileMode special case 2023-04-27 15:58:37 -04:00
PidLock.hs fix windows build 2022-09-26 12:08:04 -04:00
Proxy.hs proxy stores received keys to known export locations 2024-08-07 09:47:34 -04:00
Queue.hs add restage log 2022-09-23 15:47:24 -04:00
RemoteTrackingBranch.hs run codespell throughout fixing typos automagically 2024-05-01 15:46:21 -04:00
ReplaceFile.hs push RawFilePath down into Annex.ReplaceFile 2023-10-26 13:36:49 -04:00
SafeDropProof.hs use REMOVE-BEFORE in P2P protocol 2024-07-04 13:47:38 -04:00
SpecialRemote.hs init: Avoid autoenabling special remotes that have control characters in their names 2023-04-12 12:37:12 -04:00
Ssh.hs run codespell throughout fixing typos automagically 2024-05-01 15:46:21 -04:00
StallDetection.hs add directional stalldetection and bwlimit configs 2024-01-19 15:27:53 -04:00
Startup.hs Avoid loading cluster log at startup 2024-07-31 15:54:14 -04:00
TaggedPush.hs simplify base64 to only use ByteString 2023-10-26 13:10:05 -04:00
Tmp.hs fix empty tree import when directory does not exist 2023-08-15 12:57:41 -04:00
Transfer.hs add optional object file location to storeKey 2024-07-01 10:42:27 -04:00
TransferrerPool.hs avoid build warning on windows 2023-03-27 12:19:26 -04:00
UntrustedFilePath.hs fix mojibake reversion in display of utf8 2023-04-12 13:53:30 -04:00
UpdateInstead.hs v7 for all repositories 2019-08-30 14:09:14 -04:00
Url.hs avoid unnecessary use of curl when conduit will do 2023-08-22 10:25:53 -04:00
UUID.hs proxying GET now working 2024-06-11 15:09:43 -04:00
VariantFile.hs more RawFilePath 2019-12-18 17:10:28 -04:00
VectorClock.hs deal better with clock skew situations, using vector clocks 2021-08-04 12:33:46 -04:00
Verify.hs When proxying an upload to a special remote, verify the hash. 2024-07-29 13:40:51 -04:00
Version.hs v8 repositories automatically upgrade to v9 2022-07-25 16:20:04 -04:00
View.hs annex.maxextensions configuration 2024-04-18 14:23:38 -04:00
Wanted.hs new matching options --want-get-by and --want-drop-by 2022-07-28 13:26:03 -04:00
WorkerPool.hs add Annex worker pool to P2PHttp 2024-07-10 12:19:47 -04:00
WorkTree.hs use lookupKeyStaged in --batch code paths 2022-10-26 14:43:06 -04:00
YoutubeDl.hs run codespell throughout fixing typos automagically 2024-05-01 15:46:21 -04:00