W. Trevor King:
> On Sun, Sep 14, 2014 at 10:38:41PM +0000, hasufell wrote:
>> Yes, there is a possible attack vector mentioned in this comment
>> https://bugs.gentoo.org/show_bug.cgi?id=502060#c16
>
> From that comment, the point 1.2 is highly unlikely [1]:
>
>   1. Attacker constructs an init.d script, regular part at the start,
>      malicious part at the end
>   1.1. This would be fairly simple, just construct two start()
>        functions, one of which is mundane, the other is malicious.
>   1.2. Both variants of the script have the same SHA1...
>
>> So we'd basically end up using either "git cherry-pick" or "git am"
>> for "pulling" user stuff, so that we also sign the blobs.
>
> Rebasing the original commits doesn't protect you from the birthday
> attack either, because the vulnerable hash is likely going to still be
> in the rebased commit's tree. All rebasing does is swap the committer
> and drop the initial signature.
>
According to Robin, it's not about rebasing, it's about signing all commits so that messing with the blob (even if it has the same sha-1) will cause signature verification failure.
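
An added example, not part of the thread or of Gentoo's tooling: it computes git object ids by hand to show what the quoted point about rebasing describes. The re-committed copy gets a new commit id but still names the same SHA-1 tree, and the commit text that a signature is made over carries that tree id rather than the file bytes. The script content, file name, identities and timestamps are constructed.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """SHA-1 object id as git computes it: '<kind> <size>' + NUL + body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\0" + body).hexdigest()

def tree_body(entries):
    """Serialize (mode, name, blob id) entries; name sort is enough for files."""
    return b"".join(
        f"{mode} {name}".encode() + b"\0" + bytes.fromhex(oid)
        for mode, name, oid in sorted(entries, key=lambda e: e[1])
    )

def commit_body(tree_id, author, committer, message):
    """Text of an unsigned commit object; git signs exactly this text."""
    return (f"tree {tree_id}\n"
            f"author {author}\ncommitter {committer}\n\n{message}\n").encode()

# Constructed sample data, not taken from any real repository.
SCRIPT = b'#!/sbin/runscript\nstart() {\n    ebegin "Starting demo"\n}\n'
USER = "User <user@example.org> 1410734321 +0000"
DEV = "Developer <dev@example.org> 1410820721 +0000"

def build(author, committer):
    """Build blob -> tree -> commit and return their ids and the commit text."""
    blob_id = git_object_id("blob", SCRIPT)
    tree_id = git_object_id("tree", tree_body([("100755", "demo.initd", blob_id)]))
    body = commit_body(tree_id, author, committer, "Add demo init script")
    return blob_id, tree_id, body, git_object_id("commit", body)

def compare():
    """Compare the user's commit with a cherry-picked/rebased copy of it."""
    blob, tree, _, orig_id = build(USER, USER)   # user is author and committer
    _, tree2, new_body, new_id = build(USER, DEV)  # developer re-commits it
    return {
        "commit_id_changed": orig_id != new_id,
        "tree_id_unchanged": tree == tree2,
        "signed_text_has_tree_id": tree.encode() in new_body,
        "signed_text_has_file_bytes": SCRIPT in new_body,
        "blob_id": blob,
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```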